Search This Blog

Showing posts with label SIM jacking. Show all posts

Canadian Teenager Charged and Arrested for $50 Million Cryptocurrency Theft


Samy Bensaci, an 18-year-old teenager from Montreal, Canada has been indicted for 4 criminal charges in relation to a theft of cryptocurrency worth $50 million in a SIM-swapping scam that targeted cryptocurrency holders, as per the reportings by Infosecurity Magazine, dated 17th of January.

The Canadian authorities have accused the teen hacker of being a part of a hacking group that was involved in the theft of millions of dollars from Canadians and Americans. The scam, of which Bensaci was allegedly a part of, stole, "$50 million from our neighbors to the south and $300,000 in Canada" told Lieutenant Hugo Fournier, a spokesperson for the Sûreté du Québec.

Bensaci was charged and consequently arrested in November and was later released on CA $200,000 bail, on orders of living with his parents in Northeast Montreal, as per the local media reports. As a result of the incident, prosecutors prohibited Bensaci's access to any device that can be connected to the internet including computers, mobile phones, tablets, games, and consoles. Specifically from accessing, “any computer, tablet, mobile phone, game console, including PS3, PS4, Xbox, Nintendo Switch, or any other device capable of accessing the Internet”. He has also been ordered to hand over his passport to local police to assure he does not flee away from the country.

One of the purported victims Don Tapscott confirmed, “We can confirm that last year a hacker attempted to steal crypto assets from our company and its employees. That attempt was unsuccessful. We cooperated with the police [and] have been impressed with their determination to bring those responsible to justice.”

SIM swapping attack, also known as SIM jacking or SIM splitting is a form of identity theft where an attacker targets a weakness in two-factor authentication to take over an account. The attacker exploits a cell phone carrier's ability to port a phone number to a new device with a new SIM to acquire access to the victim's credit card numbers, bank accounts, and other financial information. The feature is normally used when someone loses access to his phone (or gets it stolen) or is switching service to a new device. As the reliability of customers on mobile-based authentication is growing, SIM swap attacks have also been on a rise in recent times.

Food blogger Jack Monroe lost 5000 Euros in phone number theft



"I lost 5000 Euros when my phone number was hacked and re-used on another sim card," says Jack Monroe. The culprits then successfully received her two-time verification information and obtained her bank and cash records."I was already concerned about the safety and had several steps in check," said Jack in a tweet. The industry was not able to address the "sim-jacking," says a privacy campaigner. The blogger expressed her anger in a tweet when she was told, 'although she would get her mobile number back in no time, the amount stolen will take time to refund.' "The cash taken has cost me very much - I'm a self-engaged freelancer and I have to work for every cent that I make," she tweeted.

The food writer is recognized for her cost-effective recipes and her support for campaigns against poverty. Sim-jacking, or Sim-swapping, is when culprits switch a mobile number with another Sim and use it as their own. This is done by criminals pretending as a consumer who wants to shift to a separate mobile service provider but doesn't want to change the phone number.

While personal information is required before requesting a sim transfer, the information is sometimes already available on the internet. - In this case, Ms. Monroe's date of birth, for instance, was retrieved from the internet. In other cases, the shop keepers or sim providers are often tipped for sim-jacking.

The first sign of sim hijacking for the victim is when their phone stops functioning. "The cases of sim-swapping in England are rare but there have been instances in other parts of the world. The industry is unable to combat the problem of sim-jacking," said Pat Walshe, Director, Privacy Matters, to BBC. The task of sim swapping is not common but one can do it easily if they want to, says Pat.

If ever caught in sim-jacking, the victims should always report the incident to their mobile operator or the ICO (Information Commissioner's Office). "The case should now push the ICO to inquire whether mobile operators and shop owners are actively following the protocol to protect services and data under telecommunication privacy laws," said Pat. The Global System for Mobile Communications, commonly known as 'GSMA' has made an alternative mobile identification verifier known as Mobile Connect. The ICO has been contacted by BBC, regarding the data theft problems.

Simjacker Exploits S@T Browser to Affect a Billion Users



Platform agnostic attack, Simjacker allows hackers to remotely exploit the victims' phone by sending a SMS which contains a malicious code; the code gives instructions to the universal integrated circuit card (UICC)/ SIM card placed inside the targeted device to retrieve and carry out sensitive commands.

The attack is set into motion as soon as the 'attack SMS' sent via another remote handset, is received by the targeted device. The process involves a series of SIM Toolkit (STK) directions particularly configured to be sent on to the SIM Card inside the victim's device.

To ensure a proper execution of these instructions, Simjacker exploits the S@T Browser, which is a software found in SIM cards. After receiving the 'attack SMS', SIM card resorts to the S@T Browser library for setting up the execution friendly environment which can trigger logic on the infected device.

S@T Browser, a legacy browser technology placed inside the SIM cards on a number of handsets, was typically used to send promotional messages or spam text messages. However, the attackers went on exploiting it for obtaining device's location and its unique International Mobile Equipment Identity (IMEI).

The attacker sends a SMS to the S@T browser asking it for the aforementioned information which it would obtain and store on to the SIM card. Then, the attacker would send another SMS to acquire the stored information. These messages are send and received in binary codes, unlike regular messages. It doesn't alert the victim in any manner and hence qualifies to be a highly effective tool for attacking mobile phones via messages.

Referencing from the findings of mobile carrier security company AdaptiveMobile Security, 

"The main Simjacker attack involves an SMS containing a specific type of spyware-like code being sent to a mobile phone, which then instructs the SIM Card within the phone to ‘take over’ the mobile phone to retrieve and perform sensitive commands." 

"We believe this vulnerability has been exploited for at least the last two years by a highly sophisticated attacker group." The report reads. 

Notably, the exploit is working as a lot of operators are failing to check the origin of these binary codes (SMS), which can be blocked by configuring the firewall technology in their corresponding networks, advises AdaptiveMobile.





Hackers Exploiting a Critical Weakness in Mobile Phones to Track Location



The interface designed for the usage of cell carriers is being exploited heavily by attackers. It allows the cell carriers to get in direct touch with the SIM cards inside subscribers' smartphones, the interface can be employed by the carriers for allowing subscribers to make use of the data stored on their SIM card to provide account balances along with other specialized services.

Hackers can secretly track the location of subscribers by exploiting the interface and giving commands to acquire the IMEI identification code of device; the Simjacker exploit further allows them to carry out actions such as making calls or sending messages.

According to the researchers at AdaptiveMobile Security, the working of the Simjacker exploit is not limited to a few devices, rather, it can be carried out on a wide range of mobile phones, irrespective of their software or hardware.

Unfolding the various aspects of the attack, Dan Guido, a mobile security expert and the CEO of security firm Trail of Bits told Ars, “This attack is platform-agnostic, affects nearly every phone, and there is little anyone except your cell carrier can do about it.”

While commenting on the issue, Karsten Nohl, the chief scientist at SRLabs, told Ars, “We could trigger the attack only on SIM cards with weak or non-existent signature algorithms, which happened to be many SIM cards at the time,”

 “AdaptiveMobile seems to have found a way in which the same attack works even if signatures are properly checked, which is a big step forward in attack research.” He added.

Sim swapping attacks hit US cryptocurrency users

Something strange happened last week, with tens of US-based cryptocurrency users seeing SIM swapping attacks.

Numerous members of the cryptocurrency community have been hit by SIM swapping attacks over the past week, in what appears to be a coordinated wave of attacks.

SIM swapping, also known as SIM jacking, is a type of ATO (account take over) attack during which a malicious threat actor uses various techniques (usually social engineering) to transfers a victim's phone number to their own SIM card.

The purpose of this attack is so that hackers can reset passwords or receive 2FA verification codes and access protected accounts.

These types of attacks have been going on for half a decade now, but they've exploded in 2017 and 2018 when attackers started focusing on attacking members of the cryptocurrency community, so they could gain access to online accounts used for managing large sums of Bitcoin, Ethereum, and other cryptocurrencies.

But while these attacks were very popular last year, this year, the number of SIM swapping attacks appeared to have gone down, especially after law enforcement started cracking down and arresting some of the hackers involved in these schemes.

Something happened last week

But despite a period of calm in the first half of the year, a rash of SIM swapping attacks have been reported in the second half of May, and especially over the past week.

Several users tweeted their horrific experiences.

Some of them have publicly admitted to losing funds, such as Sean Coonce, who penned a blog post about how he lost over $100,000 worth of cryptocurrency due to a SIM swapping attack.

Some victims avoided getting hacked

Some other victims candidly admitted to losing funds, while others said the SIM swapping attacks were unsuccessful because they switched to using hardware security tokens to protect accounts, instead of the classic SMS-based 2FA system.