Research: SIM Attacks.

Updated 28 November 2017.

Copyright: European Union Public License, version 1.2 (EUPL-1.2).

The truth about real-life SIM attacks.

Often we hear secondhand tales of how mobile users’ security and privacy was compromised in one way or another. The trouble in these situations is that the stories have been passed down so much that the result is something of an urban legend or even a watered-down version of the original story. Because these stories have seemed, up to this point, something of myth, carriers and state-sponsored criminals have been able to continue carrying out privacy compromises with no repercussions.

We have collected a variety of stories that demonstrate the vulnerability of mobile users’ SIM cards. It is important to remember that your SIM contains the information of who you are calling, your personal information, and even your location. Here are some examples of why we must all be diligent when it comes to knowing how far our privacy is compromised on a daily basis.

1. Data uploading when device is off The Background

In this example, the user lived in France and owned an iPad Air LTE that also contained a SIM card. The national mobile carrier in France is Orange, so this situation is something that could happen to any Orange subscriber.

The user had been on vacation in Spain, but found that he was unable to connect to the local 4G signal, even though the carrier had said he should have been able to. When he returned to France, he found that his iPad was not able to access the French network as well, forcing him to contact Orange for assistance.

Orange’s customer service had requested him to turn the device off in order to upload the proper SIM settings, which he did and the device worked thereafter.

1.1 Conclusion

What was found in this situation was that the carrier had access to his SIM card, even when the device was powered down. This means that there is still some kind of signal emitted when the device is not operational. The problem with this is that a carrier as well as a state-sponsored criminal could access the user’s SIM card without permission or knowledge, even on an iOS device.

Unfortunately, much of what is on a SIM cannot be altered or removed since it is part of your carrier network. There are still some things that you can control. If you purchase a SIM reader, which is a USB device that will plug into your computer, you can view your SIM card and delete the non-essential stored information.

You can also contact your carrier directly and request that they lock you SIM card, which will stop anyone from reading your card, but also makes it impossible for the card to be used on another device.

2. Disappearing text messages The Background

In this situation, the user had a new credit card coming from his bank. The bank had informed him that the PIN number for the new card would arrive via text message following his registration of the card and that the text would disappear after three days. The text message did disappear after the three days were up.

2.1 Conclusion

What this situation showed is that not only do carriers have access to deleting messages from your phone or device, but that even a bank has the ability. The type of text message that has the ability to disappear is known as a Flash SMS. This type of text message is not actually stored in your message inbox, but is typically used as a way to garner the user’s attention for marketing purposes. The fact that the message is not actually stored may be a positive thing, however, companies can use the flash method to intrude on the user’s device by spamming him.

Fortunately, if you are being bothered by Flash SMS’s, there is a way that you can block it. Depending on your device, there should be an option to disable flash message spam so your device will not allow them to appear. Unfortunately if your bank is trying to send you information through this method, you may not be able to receive that.

3. Changing device settings The Background

A user had purchased a new smartphone, but wanted to use the old SIM in order to carry over his phone number and contacts that were stored on it. The new phone’s internet, however, was not operating, forcing him to contact the carrier for help. The carrier then sent a text message to the user. Once the text was opened, the internet was functioning on the phone.

3.1 Conclusion

This situation proved that carriers can alter a device’s settings remotely through the SIM card. They didn’t even need to have the device present. Carriers use the same method to update a device’s firmware as well as remotely configuring handsets or even locking devices.

Researchers Mathew Solnik and Marc Blanchou tested and found that nearly all devices have a vulnerability when it comes to accessing settings on a mobile device. Depending on the ability of a hacker, much of a user’s phone could be altered remotely. Thankfully, there have not been reports of hackers or state-sponsored criminals using this vulnerability, but the risk is still there.

4. Locating you with your device The Background

A user with a dumb phone was near a crime that took place and was called by the police about the event. The police had used information that showed all of the mobile numbers that were near the area when the crime happened. The man was able to be interviewed for information regarding the crime because they could know his device’s location.

4.1 Conclusion

Your device’s location can be generally tracked as long as you are in proximity to a cell tower. In order to use a mobile device, the carrier will triangulate your signal every 10 seconds. The purpose behind that is simply to give you internet or cellular access. The result, however, is that your location can be tracked whenever you have your phone or device with you.

It is important to keep in mind, however, that the triangulation is more general and cannot pinpoint exactly where you were, but only where you were generally. There is no way around this if you would like to keep a mobile device, because the towers need to give you signal to use it. Unfortunately, this means that state-sponsored criminals could utilize this information against you. The only protection you have here is to remove the battery or be in a remote location where there is no carrier signal.

5. Finding you with a new SIM The Background

In this case, a user had purchased a new SIM due to a carrier which, but was able to utilize the same phone. The SIM meant that he had a new phone number in addition to being with a new carrier. One day, the previous carrier was able to call him on the new number to ask why he had changed carriers, even though they should have had no record of his phone number change.

5.1 Conclusion

Even though SIM cards have a unique identifier, the man’s new information was able to be discovered. Your phone as well as your SIM contain unique information, so even if your SIM has changed, they can use your phone’s unique information to still find you. His previous carrier had used the phone’s identifier to discover the new phone number.

In the event that a state-sponsored criminal or a hacker wanted to track him, they could track him even on a new phone number as long as they had the phone’s information. The best thing you can do to avoid this violation is to purchase a new phone when you change SIM cards, breaking the link from the previous SIM card.

6. How to stay safe

The takeaway from all of these events is that your SIM card contains information that you may not be able to keep from state-sponsored criminals. The best thing you can do to protect yourself is to obtain a SIM reader to keep your SIM clean in the event that it is lost or taken by a state-sponsored criminal. Changing your SIM card is not enough if you would like a clean break from your carrier. You will need to change phones as well as carriers, preventing your previous carrier from locating you. You cannot stop your general location from being discovered due to the need of the carrier to provide you with a signal, unless you remove the battery from your device. Be aware of the privacy risks in regard to your SIM and keep your information protected.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s