[Simsec] WIB Vulnerability detection

ah med grgrehreher at gmail.com
Tue Mar 17 21:57:52 CET 2020


HI,

first of all,thanks for the SIMTESTER tool and congratulation for the great
job!

while testing some different SIM cards,i just found that the tool report
that the sim card execute a WIB request!
I just wanna verify that this is not a false positive and try to create a
valid POC if possible.

hope that you can help.

Regards.

SIMTester has discovered following weaknesses:
>
> The following TARs/keysets accepted and executed a WIB request without any
> security:
> TAR    keyset Response packets
>
> BFFF01      0 D0128103011000820281830607912143658709F0
> BFFF01      1 D0128103011000820281830607912143658709F0
> BFFF01      2 D0128103011000820281830607912143658709F0
> BFFF01      3 D0128103011000820281830607912143658709F0
> BFFF01      4 D0128103011000820281830607912143658709F0
> BFFF01      5 D0128103011000820281830607912143658709F0
> BFFF01      6 D0128103011000820281830607912143658709F0
> BFFF01      7 D0128103011000820281830607912143658709F0
> BFFF01      8 D0128103011000820281830607912143658709F0
> BFFF01      9 D0128103011000820281830607912143658709F0
> BFFF01     10 D0128103011000820281830607912143658709F0
> BFFF01     11 D0128103011000820281830607912143658709F0
> BFFF01     12 D0128103011000820281830607912143658709F0
> BFFF01     13 D0128103011000820281830607912143658709F0
> BFFF01     14 D0128103011000820281830607912143658709F0
> BFFF01     15 D0128103011000820281830607912143658709F0
> BFFF02      1 D0128103011000820281830607912143658709F0
> BFFF02      2 D0128103011000820281830607912143658709F0
> BFFF02      3 D0128103011000820281830607912143658709F0
> BFFF02      4 D0128103011000820281830607912143658709F0
> BFFF02      5 D0128103011000820281830607912143658709F0
> BFFF02      6 D0128103011000820281830607912143658709F0
> BFFF02      7 D0128103011000820281830607912143658709F0
> BFFF02      8 D0128103011000820281830607912143658709F0
> BFFF02      9 D0128103011000820281830607912143658709F0
> BFFF02     10 D0128103011000820281830607912143658709F0
> BFFF02     11 D0128103011000820281830607912143658709F0
> BFFF02     12 D0128103011000820281830607912143658709F0
> BFFF02     13 D0128103011000820281830607912143658709F0
> BFFF02     14 D0128103011000820281830607912143658709F0
> BFFF02     15 D0128103011000820281830607912143658709F0
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.srlabs.de/pipermail/simsec/attachments/20200317/5482be6a/attachment.html>


More information about the Simsec mailing list