[Simsec] CNTR high

Karsten Nohl nohl at srlabs.de
Tue Sep 22 08:03:23 CEST 2020

Dear Soiava,

The vulnerability you found is an application on the SIM that appears to be unprotected [1].

Leaving an applet unprotected is never a good idea, so this is reported as a vulnerability without knowing what exactly the applet does.

In this particular case, you have indeed found Simjacker since the applet in question is the S@T Browser [2].

Hope this helps,


[1] https://srlabs.de/bites/sim_attacks_demystified/
[2] https://securitygrind.com/dissecting-sim-jacker-part-4-of-4-exploitation/

On 22 September 2020, at 1:58, Soiava <soiavaq at gmail.com> wrote:

I see this result from SIMTester:

fuzzer: fuzzer14, TAR: SAT:505348, keyset: 5 - card responded with FETCH, fetched_data = D02781030113008202818305008B1A410005002143F500F610027100000B0A50534800000000000003, response word: 9000
Proactive command (SEND SHORT MESSAGE) identified, details: "410005002143F500F610027100000B0A50534800000000000003"; trying to handle it..
fuzzer: fuzzer14, TAR: 505348, keyset: 5, PoR: 03, PoR CC: null -> CRITICAL WEAKNESS FOUND

SIMTester has discovered following weaknesses:

The following TARs/keysets returned a valid response without any security:
TAR     keyset  Response packets
505348  5       027100000B0A50534800000000000003

The PoR is 03 = CNTR high
What is the weakness of my SIM card?
Which attack?
Simjacker (S@T) or something else?
Please answer me...
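To show what the SIMTester output quoted above actually contains, here is an added decoder (not SIMTester's code and not from the list) for the FETCH data: a TS 102 223 proactive command whose SMS TPDU carries a TS 102 225 response packet. Tag and status-code names are taken from those specifications; the hex constants are the values quoted in the mail.

```python
# Decode the FETCH data quoted above: proactive command (ETSI TS 102 223)
# wrapping an SMS-SUBMIT whose user data is a TS 102 225 response packet (PoR).
# Only the tags and status codes needed for this message are mapped.

FETCH_DATA = ("D02781030113008202818305008B1A41000500"
              "2143F500F610027100000B0A50534800000000000003")   # from the mail

CMD_TYPES = {0x13: "SEND SHORT MESSAGE"}
POR_STATUS = {0x00: "PoR OK", 0x01: "RC/CC/DS failed", 0x02: "CNTR low",
              0x03: "CNTR high", 0x04: "CNTR blocked", 0x05: "ciphering error",
              0x06: "unidentified security error", 0x09: "TAR unknown",
              0x0A: "insufficient security level"}

def parse_tlvs(data: bytes) -> list[tuple[int, bytes]]:
    """Split simple TLVs: 1-byte tag, 1-byte length (0x81 = two-byte length)."""
    out, i = [], 0
    while i < len(data):
        tag, ln = data[i], data[i + 1]
        i += 2
        if ln == 0x81:
            ln, i = data[i], i + 1
        out.append((tag, data[i:i + ln]))
        i += ln
    return out

def decode_user_data(ud: bytes) -> dict:
    """Response packet after the UDH (IEI 0x71): RPL, RHL, TAR, CNTR, PCNTR, status."""
    udhl = ud[0]
    pkt = ud[1 + udhl:]
    rhl = pkt[2]
    status = pkt[2 + rhl]                 # last byte of the response header
    return {"tar": pkt[3:6].hex().upper(), "cntr": pkt[6:11].hex().upper(),
            "status": POR_STATUS.get(status, f"0x{status:02X}")}

def decode_fetch(hexstr: str) -> dict:
    raw = bytes.fromhex(hexstr)
    if raw[0] != 0xD0:
        raise ValueError("not a proactive command")
    result = {}
    for tag, val in parse_tlvs(raw[2:2 + raw[1]]):
        if tag & 0x7F == 0x01:            # command details: number, type, qualifier
            result["command"] = CMD_TYPES.get(val[1], f"type 0x{val[1]:02X}")
        elif tag & 0x7F == 0x0B:          # SMS TPDU (SMS-SUBMIT)
            if not val[0] & 0x40:         # TP-UDHI must be set for a packet header
                raise ValueError("no user data header")
            da_len = val[2]               # destination digits; skip DA, PID, DCS, UDL
            ud = val[2 + 2 + (da_len + 1) // 2 + 2 + 1:]
            result["por"] = decode_user_data(ud)
    return result
```

Running `decode_fetch(FETCH_DATA)` reports a SEND SHORT MESSAGE to the network carrying a PoR for TAR 505348 with status "CNTR high", which is exactly what the SIMTester line summarises.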
