Simjacker - the next frontier in mobile espionage

Presented at VB2019, Oct. 3, 2019, 9 a.m. (30 minutes)

AdaptiveMobile Security has detected a unique and novel mobile core network vulnerability that is currently being exploited by a sophisticated attacker in multiple countries for surveillance reasons. This exploit represents arguably one of the most complex and sophisticated attacks ever seen over mobile core networks. The observed attack involves the remote retrieval of specific information, such as location information, without the awareness or interaction of the mobile phone user. The vulnerability can also be used to perform additional types of attacks, such as denial of service, fraud, and other forms of information harvesting. In this session, we will explain the vulnerability and how it is exploited. To begin, we will cover how the vulnerability works structurally, and its technology underlay. Then we will discuss its potential reach, which operators and which countries could be affected, along with an idea of where we have actually seen attacks occurring. We will then give some intelligence overviews - i.e. who we think is exploiting it, and why. We will also show the attack's evolution over time, and the reaction of the attackers to their activity being detected and blocked, both on our side and at an industry level. Finally, we will show what we found to be the best ways to detect and block related attacks, and provide tactical recommendations for the future to deal with the evolution of mobile network attacks. ### Related links * [Simjacker technical paper](https://simjacker.com/downloads/technicalpapers/AdaptiveMobile_Security_Simjacker_Technical_Paper_v1.01.pdf) (*AdaptiveMobile*) * [Simjacker - Frequently Asked Questions and Demos ](https://www.adaptivemobile.com/blog/simjacker-frequently-asked-questions#When:14:02:00Z)(*AdaptiveMobile*) * [These are the 29 countries vulnerable to Simjacker attacks](https://www.zdnet.com/article/these-are-the-29-countries-vulnerable-to-simjacker-attacks/) (*ZDNet*)

Presenters:

• Cathal Mc Daid - AdaptiveMobile Security
  Cathal Mc Daid Cathal Mc Daid is the Chief Technology Officer at AdaptiveMobile Security. He is one of the world's foremost experts in mobile network signaling security. As CTO his role is to define the technology strategy and long-term technical vision, as well as to lead the team responsible for applied research in the fields of cybersecurity & mobile networks. His pivotal work in the industry has been recognized by the GSM Association where he is a primary contributor to the GSMA's Fraud and Security Group, including being editor and leading author of the SS7 Interconnect Security Monitoring and Firewall Guidelines (FS.11). He has over 15 years of experience in telecoms, messaging and security, he is a frequent contributor to business and technology media, where his work has featured on USA Today, BBC, Forbes, Bloomberg and The Register. He is also a regular speaker at industry events. Prior to joining AdaptiveMobile Security, Cathal has held technical roles in a telecom infrastructure provider and an EDA software provider, as well as founding a successful Bluetooth startup. His academic background includes a B.Eng. in computer engineering from the University of Limerick and an Executive MBA from INSEAD.

Links:

• https://www.virusbulletin.com/conference/vb2019/abstracts/simjacker-next-frontier-mobile-espionage
• https://www.virusbulletin.com/uploads/pdf/conference_slides/2019/VB2019-Mc-Daid.pdf

Similar Presentations:

• VB2015 / Mobile banking fraud via SMS in North America: who's doing it and how
• 33C3 (2016) / Million Dollar Dissidents and the Rest of Us: Uncovering Nation-State Mobile Espionage in the Wild
• Black Hat USA 2016 / Can You Trust Me Now? An Exploration into the Mobile Threat Landscape