Firstly, Simjacker vulnerability and SS7 attack


Since the second half of 2019, various high-risk vulnerabilities on mobile devices have been frequently exposed, including two so-called

The main vulnerabilities include:

1. Simjacker Vulnerability and SS7 Attack


Once the vulnerability is triggered, that is, after the attacker sends specially constructed message packets to the S@T Browser on the target SIM card, the attacker can carry out illegal operations against the target: sending false information, dialing premium-rate numbers and other fraudulent activities, eavesdropping, spreading malware, denial-of-service attacks, and retrieving device information such as language and battery level.

In addition, a classic SS7 attack method, the so-called SIM card attack, is used in conjunction with it. An attacker who has login privileges on an SS7 network server or gateway can send location roaming and redirection requests for the target through the SS7 network and thereby hijack the target's SMS messages and calls.

2. WIBattack Vulnerability

By sending malicious SMS messages to the victim's phone number, attackers can exploit vulnerabilities in the WIB SIM browser to remotely control the victim's phone and perform harmful operations such as sending SMS messages, making phone calls, obtaining the victim's location, starting other browsers (such as WAP browsers), and obtaining the victim's IMEI. According to some experts, this vulnerability caused serious damage to hundreds of millions of telecommunications users worldwide in 2015.
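Both the Simjacker and WIBattack descriptions above rely on SMS messages that are handed to the SIM instead of being shown to the user. The following added example (not from the original article) shows how a filter on the operator or gateway side could recognise such messages; it assumes they arrive as 3GPP TS 23.040 "(U)SIM Data download" messages (TP-PID 0x7F, normally with a class 2 data coding scheme), values the article itself does not give, and the originator allowlist and sample TPDUs are constructed for illustration.

```python
# Added example: classify SMS-DELIVER TPDUs (3GPP TS 23.040) and block
# SIM-directed ones that do not come from the operator's own OTA sender.
SIM_DATA_DOWNLOAD_PID = 0x7F  # TP-PID "(U)SIM Data download"

def message_class(dcs):
    """Return the TS 23.038 message class (0-3), or None if the DCS has none."""
    if dcs & 0xF0 == 0xF0:                # "data coding / message class" group
        return dcs & 0x03
    if dcs & 0x80 == 0 and dcs & 0x10:    # general group, class bits are valid
        return dcs & 0x03
    return None

def parse_deliver(tpdu_hex):
    """Parse the header of an SMS-DELIVER TPDU (no SMSC prefix, numeric sender)."""
    b = bytes.fromhex(tpdu_hex)
    if len(b) < 2 or b[0] & 0x03 != 0x00:
        raise ValueError("not an SMS-DELIVER TPDU")
    digits = b[1]                         # originator length, counted in digits
    pos = 3 + (digits + 1) // 2           # first octet + length + type-of-address
    if len(b) < pos + 10:                 # PID, DCS, 7-octet timestamp, UDL
        raise ValueError("truncated TPDU")
    raw = b[3:pos].hex()                  # swapped semi-octets, 'f' as filler
    origin = "".join(raw[i + 1] + raw[i] for i in range(0, len(raw), 2))[:digits]
    return {"origin": origin, "pid": b[pos], "dcs": b[pos + 1],
            "class": message_class(b[pos + 1]), "udl": b[pos + 9]}

def verdict(tpdu_hex, ota_origins):
    """Return 'block' for SIM data download from a sender not on the allowlist."""
    msg = parse_deliver(tpdu_hex)
    if msg["pid"] == SIM_DATA_DOWNLOAD_PID and msg["origin"] not in ota_origins:
        return "block"
    return "allow"

# Constructed samples: sender 15555550100, timestamp 2019-10-01 12:34:56.
HEADER = "04" + "0B" + "91" + "5155550501F0"
STAMP = "91011021436500"
NORMAL = HEADER + "00" + "00" + STAMP + "05" + "E8329BFD06"  # text "hello"
SIM_MSG = HEADER + "7F" + "F6" + STAMP + "04" + "00000000"   # filler user data

if __name__ == "__main__":
    for name, pdu in (("normal", NORMAL), ("sim-directed", SIM_MSG)):
        print(name, parse_deliver(pdu), verdict(pdu, ota_origins=set()))
```

The parser reads only the header fields needed for the decision and never interprets the user data, so it can run on untrusted traffic without acting on message content.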

3. iOS Jailbreak Vulnerability

Researchers disclosed a BootROM vulnerability in iOS devices and named it checkm8, pronounced "checkmate" after the chess term. Once attackers obtain the user's Apple phone, they can jailbreak it and then obtain the user's data.

According to available information, this vulnerability exists in all Apple A-series processors from A5 to A11, affecting all iPhones from iPhone 4S to iPhone 8 and iPhone X, as well as other iOS devices such as iPads and iPod touch that use the same A-series processors. More concerning still, the BootROM vulnerability exists in the hardware and cannot be repaired through software.

4. Android High-Risk Privilege Escalation Vulnerability

This is a local privilege escalation vulnerability. Attackers need little or no customization to obtain full root privileges on the attacked phone, and can install untrusted applications or combine the attack with content delivered through the Chrome browser on the affected phone. Google subsequently announced multiple vulnerable phone models, including several Samsung phones and Google Pixel phones, as well as phones from Huawei, Xiaomi, OPPO, and other brands. This privilege escalation vulnerability has since been fixed. It is worth noting that Google found that the vulnerability was exploited and weaponized by the Israeli NSO Group.

5. iOS Vulnerability Exploitation Chain

Google's Project Zero security team and its Threat Analysis Group found 14 security vulnerabilities in the iPhone. All of them have now been fixed, but they had been assembled into an attack chain that was in use for two years. The exploitation scenario is roughly this: if a user visits one of the websites involved, hackers may obtain information, photos, contacts, and location information. Statistics show that these websites can receive thousands of visitors per week.

The five vulnerabilities and exploitation chains above exist in the hardware layer and the operating system layer. Vulnerabilities in the application layer should not be ignored either. For example, it was revealed that WhatsApp allowed hackers to attack users with GIF images and steal personal information, chat records, and other private data. Qianxin Threat Intelligence Center believes that attackers can combine application-layer vulnerabilities with underlying vulnerabilities in a single attack and thereby obtain greater value.

Whether they affect Android, iOS, SIM cards, or applications, these vulnerabilities are all closely tied to people's daily lives, and once they are used for illegal purposes the consequences are unpredictable. It is therefore necessary to greatly raise security awareness across the whole population and to apply security patches in a timely manner. Operators should also cooperate with security researchers to patch SIM card vulnerabilities, so that the impact of these vulnerabilities on the country, society, and daily work and life is reduced as far as possible.

*Author of this article: Qianxin Threat Intelligence Center. Please indicate the source as FreeBuf.COM when reproducing.
