sim-jacker update #1

Open
theapache64 opened this issue Sep 12, 2019 · 195 comments
@theapache64
Owner

theapache64 commented Sep 12, 2019

Website: https://simjacker.com 🌐
News: https://thehackernews.com/2019/09/simjacker-mobile-hacking.html 📰
Reddit: https://www.reddit.com/r/simjacking

What do you have?

@Romulus968

What do I have?

Your repository cause we're in the same kayak on Shit River with no paddle.

@Romulus968

Romulus968 commented Sep 13, 2019

I think Cellebrite is likely the "surveillance vendor" that is mentioned in these articles based on their current capabilities.

What I know:

  • The attacker sends an SMS with hidden instructions from the Sim App Toolkit
  • Phone receives SMS, S@T Browser on the SIM recognizes the commands
  • The attacks are completely silent. The victim never receives a message in their inbox.
  • The attack targets the S@T Browser, meaning it doesn't matter what kind of device the user is on
  • Attacks are accomplished via sending binary code
  • We likely won't ever see official source code, but we are surrounded by very intelligent people and someone will replicate this attack in time.

@theapache64
Owner Author

@Nic8895

> We likely won't ever see official source code, but we are surrounded by very intelligent people and someone will replicate this attack in time.

I be waitin' fer that moment!! 🕐

Anyways, thanks fer yer update matey ☠️

@AadeshGurav

Hey bro, I am from know_where, so I am able to access a network tower near my home which basically provides calling, SMS services and GPRS services. So what I am asking is: can we add a backdoor to it, accessing the whole area network, as they use Windows Server edition? Pls reply, I'll have my eyes on this thread.

@bbaranoff

hello got this from positive technologies

Dear Bastien Baranoff,

Good news for Friday the 13th! We've decided to drop a webinar on mitigating the recently uncovered Simjacker vulnerability next Thursday, September 19.

The Positive Technologies team has years of sustained experience with analyzing vulnerabilities of all kinds. Back in 2014, our experts published the report "4G Security: Hacking USB Modem and SIM Card via SMS," in which they stressed the possibility of precisely such attacks and how a hacker could perform them. Even better, our product has already been tested and proven to secure systems from the latest "Simjacker" attacks.

During the webinar, our experts will role-play the attack process, show the must-know details and specifics, and give recommendations on how to prevent your network from being hacked by Simjacker.

@theapache64
Owner Author

theapache64 commented Sep 13, 2019

@Aadesh9985 What do you mean by "able to access a network tower"? What kind of access do you have? Remote, physical or both?

@bbaranoff That's some great news. I'd really love to watch the event. Do they have any plan on live streaming the event?

@Romulus968

> hello got this from positive technologies Dear Bastien Baranoff,
>
> Good news for Friday the 13th! We've decided to drop a webinar on mitigating the recently uncovered Simjacker vulnerability next Thursday, September 19.
>
> The Positive Technologies team has years of sustained experience with analyzing vulnerabilities of all kinds. Back in 2014, our experts published the report "4G Security: Hacking USB Modem and SIM Card via SMS," in which they stressed the possibility of precisely such attacks and how a hacker could perform them. Even better, our product has already been tested and proven to secure systems from the latest "Simjacker" attacks.
>
> During the webinar, our experts will role-play the attack process, show the must-know details and specifics, and give recommendations on how to prevent your network from being hacked by Simjacker.

I'm curious as to how they're going to go about mitigating threats to S@T w/o reissuing SIM cards or forcing carrier to block S@T commands OTA, which ain't gonna happen because S@T is used in part of the process of updating Android devices OTA.

@bbaranoff

@theapache64 I was invited by mail. I have a token but it is personal; maybe by subscribing to Positive Technologies you will have one.

@theapache64
Owner Author

@bbaranoff I searched for the event here, but they didn't officially list it there. I've contacted them via Twitter and am currently waiting for their reply. I'll definitely update their response here.

@bbaranoff

@theapache64 maybe try that [email protected]

@bbaranoff

@Aadesh9985 You mean that you have made an IMSI catcher? You want to know if you can access a shell with it? I am asking the same...

@theapache64
Owner Author

theapache64 commented Sep 14, 2019

@bbaranoff Thank you so much for the link. I appreciate that.

@bbaranoff Can I post the link in our Reddit thread?

@bbaranoff

@theapache64 yes you can post it to reddit

@Valen3D

Valen3D commented Sep 14, 2019

Has someone got new information about Simjacker? I'm so scared to see the binary code on the internet... is it possible?

@AadeshGurav

@theapache64 I have physical access to it, and the person who is in charge is my friend, so he will let me in without doubt. My questions are: 1) Can we create a backdoor to Windows Server? 2) What can we do after getting access to the network tower?
Contact me at [email protected]

@theapache64
Owner Author

@Valen3D Everyone's waiting for the binary, or at least a POC.

@Aadesh9985 Off-topic + I don't have any knowledge of the cell tower software stack. Maybe you can get help from r/CellTowers. Also, please let me know personally once you've got any information on this (seriously curious 🚀)

@Valen3D

Valen3D commented Sep 14, 2019

I have a question. How can we use that? Just send the binary message? How can the information come (location, for example) by SMS?

@bbaranoff

Like it is said, quote: "Disclosed by researchers at AdaptiveMobile Security in new research published today, the vulnerability can be exploited using a $10 GSM modem to perform several tasks, listed below, on a targeted device just by sending an SMS containing a specific type of spyware-like code." Unquote. I am quite sure that the 10$ GSM modem is an osmocom-compatible phone, aka the Motorola C1xx series. See here if you want to buy one: https://osmocom.org/projects/baseband/wiki/Phones

@AadeshGurav

@theapache64 You are my source on this topic. Well, I am looking for other things too. I'll inform you as soon as I get something valuable.

@Gh0st001

any one

@bbaranoff

made a video of SIMTester https://youtu.be/CTDiT6L46k8

@sebastiannielsen

sebastiannielsen commented Sep 15, 2019

> which ain't gonna happen because S@T is used in part of the process of updating Android devices OTA.

would be easy for the carrier to block S@T for everyone else except authorized (whitelisted) numbers/SMS-centers which belong to mobile manufacturers and carriers, who need to OTA update things.
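
The carrier-side allowlist described in the comment above can be sketched as a filter rule. This is an added example, not code from the thread or from any SMS firewall product: it parses the header of an SMS-DELIVER TPDU (3GPP TS 23.040) and blocks SIM data-download messages (TP-PID 0x7F with an 8-bit, class 2 TP-DCS) unless the originator is allowlisted. The allowlist entry and the sample TPDUs are constructed.

```python
SIM_DATA_DOWNLOAD_PID = 0x7F        # TP-PID "(U)SIM Data download", 3GPP TS 23.040
OTA_ALLOWLIST = {"+15550100"}       # hypothetical originator allowed to send SIM OTA

def decode_address(n_digits, toa, raw):
    """Decode a semi-octet (nibble-swapped BCD) TP-OA into a number string."""
    digits = "".join(f"{b & 0x0F:X}{b >> 4:X}" for b in raw)[:n_digits]
    return ("+" if (toa & 0x70) == 0x10 else "") + digits   # 0x10 = international

def is_sim_binary(dcs):
    """True when TP-DCS means 8-bit data, message class 2 (SIM-specific)."""
    if (dcs & 0xF0) == 0xF0:                    # "data coding/message class" group
        return bool(dcs & 0x04) and (dcs & 0x03) == 0x02
    if (dcs & 0xC0) == 0x00 and (dcs & 0x10):   # general group, class bits valid
        return (dcs & 0x0C) == 0x04 and (dcs & 0x03) == 0x02
    return False

def classify_deliver(tpdu_hex, allowlist=OTA_ALLOWLIST):
    """Return (originator, pid, dcs, verdict) for an SMS-DELIVER TPDU."""
    t = bytes.fromhex(tpdu_hex)
    if len(t) < 5 or (t[0] & 0x03) != 0x00:
        raise ValueError("not an SMS-DELIVER TPDU")
    n_digits = t[1]
    oa_end = 3 + (n_digits + 1) // 2            # index just past the packed digits
    if len(t) < oa_end + 2:
        raise ValueError("truncated TPDU")
    originator = decode_address(n_digits, t[2], t[3:oa_end])
    pid, dcs = t[oa_end], t[oa_end + 1]
    sim_download = pid == SIM_DATA_DOWNLOAD_PID and is_sim_binary(dcs)
    verdict = "block" if sim_download and originator not in allowlist else "allow"
    return originator, pid, dcs, verdict

# Constructed samples: header, timestamp, then placeholder user data.
SAMPLES = {
    "unknown sender, SIM download": "040B915155100099F97FF6919021000000000400000000",
    "allowlisted sender, SIM download": "040891515510007FF6919021000000000400000000",
    "unknown sender, plain text": "040B915155100099F900009190210000000002C834",
}

if __name__ == "__main__":
    for label, pdu in SAMPLES.items():
        print(label, "->", classify_deliver(pdu))
```

A production filter would also check the SMS-center address from the signalling layer, since the TP-OA inside the TPDU is sender-controlled; an alphanumeric TP-OA never matches the allowlist here and is treated as unknown.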

@Tit-7

Tit-7 commented Sep 15, 2019

Hi guys.
I'm from Russia. I've just joined you, and have found very interesting info.
Well, I'm working on the theme of hacking the Telegram messenger by gaining control of the SIM. Three days ago I found out some info about the sim-jacker attack. So, tonight I'll analyse your posts here))0)
Waiting for news, guys!

@Tit-7

Tit-7 commented Sep 16, 2019

Guys, I'm gonna find some info about people who were under attack.
Maybe we can ask for details of the USSD (sim-jacker) codes that went onto their SIM.
If you find some info about that, please ping me ;]

@bbaranoff

bbaranoff commented Sep 16, 2019

Made a video about loading an STK applet on sim with ShadySim https://youtu.be/F55eJr40CoQ

@theapache64
Owner Author

@bbaranoff Good work brother

@anyoneoruser

anyoneoruser commented Apr 5, 2024 via email

@DragonAriyan

So y'all can tell me from what to what our chat became? Have we finally got sim jacking?

@trufa10008000

I have the code, but it stopped working from my country (if sent from the local telco); still working from different countries. Help fixing?

@DragonAriyan

What are you using? Twilio?

@smfai200

smfai200 commented Apr 7, 2024

Finally, I've been able to send binary PDU messages and I have identified a network over which they aren't blocked yet. So now, coming over to the question: how to exploit it further?
Currently I sent a binary message:

0041000B912143658709F07FF63802700000330D0000000050534800000000000042230121020744382E3130353105160604313035312D0C1003830607912143658709F02B00

2143658709F0 means the phone number is (123) 45678900

It flashed on the target phone with Invalide Incomming Message!
How to further exploit it?

@trufa10008000

ok wanna get in contact to change the code to get further stuff? any email? or private chat? i got the codes and know how to change them

@smfai200

> ok wanna get in contact to change the code to get further stuff? any email? or private chat? i got the codes and know how to change them

Sure. I've emailed you on this for further collaboration. I'm lacking simtrace actually which is restricting me from further testing.

@smfai200

> ok wanna get in contact to change the code to get further stuff? any email? or private chat? i got the codes and know how to change them

I have created a community on Discord for this. Everyone can join in so that a compiled form of efforts results in benefit to everyone on the open source community!

https://discord.gg/XS2s4NUW

@everydaze

Hi Everyone! I find simjacker to be fascinating. This is a great project. I was hoping to join you on both here and on discord if invites are still possible.

Thank you!

@Ilori-Jaiyeola

Ilori-Jaiyeola commented Jun 7, 2024 via email

@everydaze

everydaze commented Jun 11, 2024 via email

@everydaze

Any chance someone can send me a current discord invite please? I'd like to join the group and share whatever I can contribute. Thank you

@DragonAriyan

Is this still active? OR where the regular discussion is going on?

@zroday

zroday commented Aug 1, 2024

> ok wanna get in contact to change the code to get further stuff? any email? or private chat? i got the codes and know how to change them
>
> I have created a community on Discord for this. Everyone can join in so that a compiled form of efforts results in benefit to everyone on the open source community!
>
> https://discord.gg/XS2s4NUW

Hello, could you resend the link to the discord server?

@everydaze

everydaze commented Aug 2, 2024 via email

@Ilori-Jaiyeola

Ilori-Jaiyeola commented Aug 2, 2024 via email

@everydaze

everydaze commented Aug 4, 2024 via email

@Ilori-Jaiyeola

Ilori-Jaiyeola commented Aug 4, 2024 via email

@everydaze

everydaze commented Aug 4, 2024 via email

@psmitty7373

psmitty7373 commented Aug 22, 2024

@Ilori-Jaiyeola, Discord link has expired again, kindly drop another?

@anyoneoruser

anyoneoruser commented Nov 7, 2024

Thanks, @bbaranoff, this gives some ideas of what we can do with this capability. The ambiguous thing is how to send the shady SMS, which will obviously be blocked by the provider. Luckily, @smfai200 found a network where they aren't blocked yet, and I am very happy for you that you found the way. But I don't know what this network consists of and how to send SMS on it. Maybe this solution is on the Discord server? I don't know, I didn't see whether it is there, and all invitation links are invalid. Could I have a valid Discord server invitation link so I can join, please?

@anyoneoruser

> @Ilori-Jaiyeola, Discord link has expired again, kindly drop another?

@psmitty7373 may also be happy of that.

@trufa10008000

> @Ilori-Jaiyeola, Discord link has expired again, kindly drop another?
>
> @psmitty7373 may also be happy of that.

https://discord.gg/RysfH9uG

@Ilori-Jaiyeola

Ilori-Jaiyeola commented Nov 7, 2024 via email

@trufa10008000

https://discord.com/invite/JDkRbvwB

hey Ilory, go to Discord this weekend, I have something we need to test

@Ilori-Jaiyeola

Ilori-Jaiyeola commented Nov 7, 2024 via email

@Ilori-Jaiyeola

Ilori-Jaiyeola commented Nov 7, 2024 via email

@bbaranoff

https://github.com/mnemonic-no/ScapySMS I think we should take a look

@bbaranoff

@anyoneoruser I just saw your reply, sorry. To not be firewalled you may do this with an IMSI catcher, or simply try with the firewall; some telcos shall have a bad fw.
