Threat Category: USIM / SIM / UICC security
ID: STA-21
Threat Description: Applications on the SIM card can be remotely configured by operators by sending a special class of SMS. Each application on a SIM card is configured with a corresponding minimum security level (MSL). Attackers can only exploit applications where the MSL is set to zero. Unprivileged user access is normally gained by attacking a system and exploiting an unprivileged process. If an application with abuse potential is present on the SIM card, it can instruct a mobile phone to do various things, such as make a call, send an SMS, get location, prompt the user for input, establish a TCP/TLS connection, or open a browser on a specific URL. [1]
Threat Origin
Not Applicable, See Exploit or CVE Examples
Exploit Examples
Spoofing and intercepting SIM commands through STK framework [2]
CVE Examples
Possible Countermeasures
References
[1] Security Research Labs, New SIM attacks de-mystified, protection tools now available, blog; https://srlabs.de/bites/sim_attacks_demystified/ [accessed 12/03/2019]
[2] A. Chaykin, “Spoofing and intercepting SIM commands through STK framework,” blog, 26 Aug. 2015; http://blog.0xb.in/2015/08/spoofing-and-intercepting-sim-commands.html