Search This Blog
Powered by Blogger.

Blog Archive

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label SIM. Show all posts
TSP
AI technology Cyber Security DoT Mobile Connection SIM Spoofed Calls Telecom Telecommunication TSP

India Disconnects 1.77 Crore Mobile Connections Using AI Tools, Blocks 45 Lakh Spoofed Calls

 

The Indian government has disconnected over 1.77 crore mobile connections registered with fake or forged documents using AI-powered tools, according to a recent announcement by the Department of Telecommunications (DoT). The AI-based system has identified and blocked 45 lakh spoofed international calls, preventing them from entering the Indian telecom network. This initiative is part of a larger effort to curb telecom fraud and cybercrime, with four telecom service providers collaborating with DoT to implement a more advanced two-phase system. 

In the first phase, the system blocks spoofed calls at the telecom service provider (TSP) level, targeting those that attempt to use numbers from the provider’s own subscribers. In the second phase, a centralized system will be introduced to tackle spoofed calls using numbers from other TSPs, thereby ensuring more comprehensive protection. The Ministry of Communications announced that this centralized system is expected to be operational soon, enhancing the safety of Indian telecom subscribers. Alongside these efforts, the government has disconnected 33.48 lakh mobile connections and blocked 49,930 mobile handsets, particularly in districts considered to be cybercrime hotspots. About 77.61 lakh mobile connections exceeding the prescribed limits for individuals were also deactivated. 

The AI tools have further enabled the identification and blocking of 2.29 lakh mobile phones involved in fraudulent activities or cybercrime. Additionally, the DoT traced 12.02 lakh out of 21.03 lakh reported stolen or lost mobile phones. It also blocked 32,000 SMS headers, 2 lakh SMS templates, and 20,000 entities engaged in malicious messaging activities, preventing cybercriminals from sending fraudulent SMSs. Approximately 11 lakh accounts linked to fraudulent mobile connections have been frozen by banks and payment wallets, while WhatsApp has deactivated 11 lakh profiles associated with these numbers. 

In an effort to curb the sale of SIM cards issued with fake documents, 71,000 Point of Sale (SIM agents) have been blacklisted, and 365 FIRs have been filed. These measures represent a significant crackdown on telecom-related cybercrime, demonstrating the government’s commitment to making India’s telecom sector more secure through the use of advanced technology. The upcoming centralized system will further bolster this security, as it will address spoofed calls from all telecom providers.
Read more »
SIM Card Operation
Cyberattacks CyberCrime Cybersecurity CyberThreat Data Breach Mobile Network Police Raid SIM SIM Card Operation

Sandton Police Raid Uncovers Massive Counterfeit SIM Card Operation

 


In response to a tip-off about suspicious activities occurring at a Sandton home, the South African Police Service (SAPS) took action. Upon receiving this information, members of the Gauteng Organised Crime Investigation Unit operationalised the intelligence as soon as possible and raided the residence. It was discovered by the police officers upon their arrival that over 40 people, ranging in age from 17 to 36, were occupying the property. They are suspected illegal immigrants who are suspected to be living there illegally. There was a garage and a backroom at the house that were bursting with SIM cards from all of South Africa's mobile networks after a thorough search of the house. 

It is believed that the SIM cards were produced using a substantial number of computers that were found along with them. Various mobile network technicians were summoned at the scene of the discovery to verify the authenticity of the SIM cards that were discovered. As a result of their evaluation, the police were able to identify that the SIM cards were in fact counterfeit, highlighting the seriousness of the incident. Police arrested 43 suspected illegal immigrants, along with two South African nationals. Their alleged crimes are serious in nature and are backed by serious charges. 

There are some of them that are alleged to have violated the Cyber Crime Act, committed fraud, and violated immigration laws in violation of these laws. The SAPS have stated that it is likely that even more suspects will be apprehended as the investigation continues. The raid has resulted in a significant number of arrests, but the investigation is far from over. It is the goal of the investigation to dismantle the entire network behind this operation and identify any additional actors involved, and the aim is to dismantle the entire network. There was a garage and backroom in the premises that was filled with thousands of counterfeit Sim cards from all major South African mobile networks, according to the search. Among the other things that were found by investigators were a variety of computers, printers, and other equipment that was used to fabricate the fake cards. 

A preliminary investigation indicates that all of the cards were produced on-site, using advanced technology to replicate the cards of legitimate networks. According to the reports, counterfeiters are selling fake SIM cards to unsuspecting customers who then use the Sim cards to make calls, send texts, and access mobile data without any suspicion being discovered. It is alleged that two South Africans have contravened the Cyber Crime Act 19 of 2020, conspired to commit fraud, and migrated illegally to the United States. There are reportedly 41 more suspects in the investigation, all of whom are the result of illegal immigrants who are reportedly in South Africa without a visa. 

Deportation proceedings are currently underway against them. The seized items were examined by technicians from several mobile network providers in order to get an idea of what they were worth. It has now been confirmed that they were indeed imitation SIM cards, which were likely to be used for fraudulent purposes and cybercrime. At the scene of the incident, a total of 43 suspected illegal immigrants, two South Africans, and one South American were arrested. There are multiple charges against them, including contraventions of the Cyber Crime Act, fraud and illegal immigration, all of which are currently being investigated.

It appears that the arrests might not come to an end as a spokesperson for Gauteng Organised Crime Investigation Unit suggested. There are many ways in which criminals exploit digital vulnerabilities to take advantage of the vulnerabilities of organizations, and this operation highlights the growing issue of cybercrime. Furthermore, the article points out that vigilant law enforcement is vital to combating these types of crimes, as is the role that community intelligence plays in assisting law enforcement. In light of this significant operation, the SAPS has reaffirmed its commitment to combatting cybercrime and illegal immigration. This raid underscores the critical importance of community involvement in identifying and reporting suspicious activities, enabling law enforcement agencies to act swiftly and decisively. 

The ongoing investigation aims to unearth the full extent of the counterfeit SIM card network and bring all involved parties to justice. As the investigation continues, the SAPS has called on the public to remain vigilant and report any information that may aid in dismantling similar operations. This case serves as a stark reminder of the evolving nature of cybercrime and the relentless efforts required to safeguard the nation's digital infrastructure. The SAPS assures the community that it will continue to prioritize such cases and uphold the rule of law to protect the integrity of South Africa's telecommunications networks. 

The successful raid and subsequent arrests highlight the effectiveness of coordinated efforts between law enforcement and mobile network providers. Together, they strive to mitigate the risks posed by cybercriminals and ensure the safety and security of all citizens.
Read more »
Technology
Connections CyberCrime Cybersecurity CyberThreat eSIM Mobile Phones PKI SIM Technology

eSIM Connections: Redefining Mobile Service and Flexibility

 


This eSIM management technology will have a significant impact on the IoT, as it represents an evolution from physical SIM cards to virtual SIM cards, which will have the greatest impact on its acceptance. Mobile network operators (MNOs), who are well-positioned to play a key role in facilitating the growth of the exploding IoT market, have established a solid and reliable management solution for embedded subscriber identity modules. 

Furthermore, MNOs can create new and convenient journeys for consumers using mobile devices. The mobile industry is facing a transformative period in the coming years, especially concerning eSIMs, which have been the subject of new research which sheds some light on how eSIMs will be transformed. An eSIM ecosystem offers the same security and protection that a removable SIM card provides. A public key infrastructure (PKI) governed by the GSMA provides secure authentication of entities of the ecosystem. 

The protocols are based on state-of-the-art cryptographic mechanisms and are guaranteed to protect the end user's privacy. There is a GSMA certification process required for manufacturers and providers of eSIM solutions to be admitted into the ecosystem. As a result of the switch from physical SIM cards to eSIM cards, CCS Insight believes that the consumer will have more powerful control over their subscriptions by interacting differently with their network providers. 

There are currently only 150 million people worldwide who use eSIMs, compared to 8.9 billion people who subscribe to mobile phones. This study says, however, that all of this is expected to change by the year 2023, despite a very small share of the global mobile market. The CCS Insight study predicts that, as digital-only network connections become increasingly popular, the number of phones with eSIMs will nearly double, from 27% in 2023 to 56% by 2028, as a result of this growing trend. There are more than 150 million eSIM customers in North America, which accounted for more than half of the adoption curve. 

According to the report, this is the result of Apple's decision to only provide eSIM-enabled devices since the iPhone 14 was introduced in September 2022. Around the world, approximately 800 operators are supporting eSIM devices. Kester Mann, CCS Insight Director of Consumer and Connectivity, made the point that removing that small piece of plastic from your phone will improve your digital customer journey, attract new customers, and have environmental benefits as a result of eliminating that little piece of plastic. In addition to praising the roaming benefits of eSIM cards, the report highlights the ability of customers to sign up for cheaper plans before travelling or while travelling using these devices. 

While this revolution has many advantages, it also has a lot of limitations, which can lead to a lack of education in this field. CCS Insights conducted a survey in which more than 5,000 people across the UK, the US, Germany, Spain and Australia were asked whether they had heard of the eSIM or not. Only four out of ten had heard of it. There is nothing better than being able to offer a convenient and fully digital user experience to consumers. As a result of this, extra target groups can now be acquired by completely new customer acquisition journeys. 

Furthermore, in addition to fostering the development of innovative devices and services, eSIM technology has also played a significant role in the development of more attractive contracts that cover multiple devices. IoT (Internet of Things) is considered one of the fastest-growing sectors of the IoT economy today, and it includes sensors, processors, systems, and platforms used by industries to improve their operational efficiency to compete more effectively. 

IoT devices, including sensor modules, logistics tracking systems, and manufacturing equipment, greatly benefit from mobile connectivity and predominantly utilize eSIMs. Embedded Subscriber Identity Modules (eSIMs) significantly simplify the deployment and lifecycle management of these sensors, enhancing efficiency and effectiveness. The management of eSIMs facilitates new, fully digital user journeys, allowing eSIM profiles to be seamlessly installed on devices with minimal user interaction. This convenience is particularly beneficial for activating consumer IoT devices that lack displays, but it also extends to any eSIM-enabled devices, such as smartphones or tablets. 

The GSMA eSIM Discovery Service enhances this frictionless customer experience both in-store and out-of-store, providing a streamlined and user-friendly process for eSIM activation and management. The integration of eSIM technology in IoT devices not only optimizes the rollout process but also ensures efficient lifecycle management. This advancement underscores the transformative impact of eSIMs in the mobile market, promoting a more connected and streamlined experience for users across various devices and applications. In conclusion, the adoption of eSIM technology is set to revolutionize the mobile industry and the IoT sector. 

With its streamlined deployment, enhanced lifecycle management, and fully digital user journeys, eSIMs are paving the way for a more flexible and efficient mobile experience. As consumer awareness and adoption grow, supported by the robust infrastructure and security provided by MNOs and the GSMA, eSIMs will play a crucial role in shaping the future of mobile connectivity. This evolution promises not only to enhance user convenience but also to drive the development of innovative devices and services, ultimately transforming the digital landscape.
Read more »
Technology
Cellular Network Connectivity eSIM Mobile Network Mobiles Network SIM Technology

Revolutionizing Connectivity: The Rise of iSIMs in the Mobile Industry

 

The mobile industry is on the verge of a groundbreaking transformation, spearheaded by the advent of integrated SIMs, or iSIMs. According to a new report from Juniper Research, the number of iSIMs in connected devices is expected to soar from 800,000 in 2024 to more than 10 million by 2026. This staggering 1,200% increase is anticipated to be driven by the release of the GSMA's SGP.41/42 specifications by the end of 2025. These specifications aim to standardize and streamline the rollout of iSIM-enabled devices, thereby enhancing their accessibility and adoption. 

An iSIM, also known as an Integrated Universal Integrated Circuit Card (iUICC), represents an evolution of the eSIM (embedded SIM) technology by integrating directly into the device’s processor. This innovation eliminates the need for a separate SIM module, heralding a future where traditional SIM cards are rendered obsolete and networks can preload plans onto devices during the manufacturing process. The GSMA's SGP.41/42 specifications will facilitate In-factory Profile Provisioning (IFPP), allowing iSIM profiles to be uploaded onto devices during production. This capability simplifies the process for both manufacturers and consumers by enabling devices to be shipped with pre-configured cellular connectivity.  

Despite the optimistic forecast, Juniper's report points out that the absence of an industry-wide standard for iSIM technology could pose challenges. Without an official standard, manufacturers might be reluctant to launch iSIM solutions. Elisha Sudlow-Poole, the author of Juniper Research’s report, emphasizes the need for eSIM vendors to develop standard-agnostic platforms that can adapt to various form factors, standards, and use-case requirements. Furthermore, eSIM vendors must cultivate trusted partnerships with manufacturers to ensure the widespread adoption of iSIM connectivity services once they become sought after in the market. 

Juniper's study projects that the number of iSIM connections will surge to 210 million globally by 2028. This growth will be fueled by the adoption of iSIM technology in sectors such as smart energy meters and remote logistics, where there is a demand for power-efficient and compact devices. As these and other industries recognize the advantages of iSIM technology, the mobile industry's landscape will continue to evolve, ushering in a new era of connectivity and convenience. 

The shift to iSIMs represents a significant milestone in the evolution of the mobile industry, promising improved efficiency, security, and user experience. With the expected release of standardized guidelines and the increasing adoption of iSIM technology, the coming years are likely to witness profound changes in how devices connect to networks, ultimately benefiting both consumers and businesses. This transition underscores the mobile industry’s commitment to innovation and its dedication to enhancing connectivity solutions for a rapidly advancing digital world.
Read more »
Wireless
Cyber Scammers cyber threat Cyberattacks CyberCrime FBI FCC Financial Loss Reddit SIM SIM swap Swap Scam T-Mobile Technology Verizon Wireless

Inside Job Exposed: T-Mobile US, Verizon Staff Solicited for SIM Swap Scam

 


T-Mobile and Verizon employees are being texted by criminals who are attempting to entice them into swapping SIM cards with cash. In their screenshots, the targeted employees are offering $300 as an incentive for those willing to assist the senders in their criminal endeavours, and they have shared them with us. 

The report indicates that this was part of a campaign that targets current and former mobile carrier workers who could be able to access the systems that would be necessary for the swapping of SIM cards. The message was also received by Reddit users claiming to be Verizon employees, which indicates that the scam isn't limited to T-Mobile US alone. 

It is known that SIM swapping is essentially a social engineering scam in which the perpetrator convinces the carrier that their number will be transferred to a SIM card that they own, which is then used to transfer the number to a new SIM card owned by the perpetrator. 

The scammer can use this information to gain access to a victim's cell phone number, allowing them to receive multi-factor authentication text messages to break into other accounts. If the scammer has complete access to the private information of the victim, then it is extremely lucrative. 

SIM swapping is a method cybercriminals utilize to breach multi-factor authentication (MFA) protected accounts. It is also known as simjacking. Wireless carriers will be able to send messages intended for a victim if they port the victim’s SIM card information from their legitimate SIM card to one controlled by a threat actor, which allows the threat actor to take control of their account if a message is sent to the victim. 

Cyber gangs are often able to trick carrier support staff into performing swaps by presenting fake information to them, but it can be far more efficient if they hire an insider to take care of it. In the past, both T-Mobile and Verizon have been impacted by breaches of employee information, including T-Mobile in 2020 and Verizon last year, despite it being unclear how the hackers obtained the mobile numbers of the workers who received the texts. 

The company stated at the time that there was no evidence that some of the information had been misused or shared outside the organization as a result of unauthorized access to the file, as well as in 2010 a Verizon employee had accessed a file containing details for about half of Verizon s 117,00-strong workforce without the employee's authorization.

It appears that the hackers behind the SIM swap campaign were working with outdated information, as opposed to recent data stolen from T-Mobile, according to the number of former T-Mobile employees who commented on Reddit that they received the SIM swap message. As the company confirmed the fact that there had not been any system breaches at T-Mobile in a statement, this was reinforced by the company. 

Using SIM swap attacks, criminals attempt to reroute a victim's wireless service to a device controlled by the fraudster by tricking their wireless carrier into rerouting their service to it. A successful attack can result in unauthorized access to personal information, identity theft, financial losses, emotional distress for the victim, and financial loss. Criminals started hijacking victims' phone numbers in February 2022 to steal millions of dollars by performing SIM swap attacks. 

The FBI warned about this in February 2022. Additionally, the IC3 reported that Americans reported 1,075 SIM-swapping complaints during the year 2023, with an adjusted loss of $48,798,103 for each SIM-swapping complaint. In addition to 2,026 complaints about SIM-swapping attacks in the past year, the FBI also received $72,652,571 worth of complaints about SIM-swapping attacks from January 2018 to December 2020. 

Between January 2018 and December 2020, however, only 320 complaints were filed regarding SIM-swapping incidents resulting in losses of around $12 million. Following this huge wave of consumer complaints, the Federal Communications Commission (FCC) announced new regulations that will protect Americans from SIM-swapping attacks to protect Americans from this sort of attack in the future.

It is required by the new regulations that carriers have a secure authentication procedure in place before they transfer the customer's phone numbers to a different device or service provider. Additionally, they need to warn them if their accounts are changed or they receive a SIM port out request.
Read more »
TRAI
Fraud Calls Mobile Security SIM SIM swap Spam Call telecommunications TRAI

TRAI Updates Regulations to Prevent SIM Swap Fraud in Telecom Porting

 

The Telecom Regulatory Authority of India (TRAI) recently announced updated regulations aimed at combating SIM swap fraud in the telecom sector. According to the new regulations, telecom subscribers will be prohibited from porting out of their current network provider if they have recently "swapped" their SIM card due to loss or damage within the past seven days. 

This amendment is intended to prevent fraudulent activities by disallowing the issuance of a "unique porting code" (UPC), which is the initial step in changing providers using mobile number portability. 

The TRAI highlighted that this measure is part of its broader efforts to address concerns related to fraudulent and spam calls, which have been on the rise in recent years. In addition to SIM swap fraud, spam calls and messages have become a significant nuisance for telecom subscribers, leading to increased efforts by regulatory authorities to combat such activities. 

Previous anti-spam measures undertaken by TRAI include the establishment of a do-not-disturb registry, the release of an app for filing complaints against telemarketers, and the enforcement of regulations on transactional SMS messages by businesses. 

However, despite these efforts, fraudulent activities continue to pose challenges for both regulators and consumers. In addition to the prohibition on porting after SIM card swapping, TRAI has recommended to the Department of Telecommunications (DoT) the implementation of a feature that would display the legally registered name of every caller on recipients' handsets. This proposal aims to enhance transparency and enable recipients to identify the origin of incoming calls more accurately. 

However, the proposal has faced criticism on privacy grounds, with concerns raised about the potential misuse of caller identification information. To further address concerns related to fraudulent communication, the DoT has introduced its own portal called Chakshu for reporting suspected fraud communication. This platform allows users to report instances of suspected fraud, helping regulatory authorities to track and investigate fraudulent activities more effectively. 

Furthermore, the TRAI is considering a suggestion from the DoT regarding the verification of subscriber identity during the porting process. Currently, porting requires only the possession of an unblocked SIM, with know-your-customer (KYC) processes conducted anew. This policy has implications for minors and other dependents whose SIMs may not be registered in their names. 

The suggestion to double-check KYC during porting will be examined separately by TRAI. Overall, TRAI's efforts to strengthen regulations in the telecom sector aim to enhance security and protect consumers from fraudulent activities such as SIM swap fraud. By implementing measures to prevent unauthorized porting and enhancing transparency in caller identification, TRAI seeks to safeguard the interests of telecom subscribers in India. However, as fraudsters continue to evolve their tactics, regulatory authorities will need to remain vigilant and adapt their strategies accordingly to stay ahead of emerging threats.
Read more »
User Privacy
API Bug Canada Cyber Security Databases GitHub Malicious actor SIM Telecom Firm User Privacy

Canadian Telecom Provider Telus is Reportedly Breached

 

One of Canada's biggest telecommunications companies, Telus, is allegedly investigating a system breach believed to be fairly severe when malicious actors exposed samples of what they claimed to be private corporate information online.

As per sources, the malicious actors posted on BreachForums with the intention of selling an email database that claimed to include the email addresses of every Telus employee. The database has a $7000 price tag. For $6,000, one could access another database purported to provide payroll details for the telecom companies' top executives, including the president.

A data bundle with more than 1,000 private GitHub repositories allegedly belonging to Telus was also offered for sale by the threat actor for $50,000. A SIM-swapping API was reportedly included in the source code that was for sale. SIM-swapping is the practice of hijacking another person's phone by switching the number to one's own SIM card.

Although the malicious actors have described this as a Complete breach and have threatened to sell everything connected to Telus, it is still too early to say whether an event actually happened at TELUS or whether a breach at a third-party vendor actually occurred.

A TELUS representative told BleepingComputer that the company is looking into accusations that some information about selected TELUS team members and internal source code has leaked on the dark web.

The Telus breach would be the most current in recent attacks on telecom companies if it occurred as the malicious actors claimed. Three of the biggest telecommunications companies in Australia, Optus, Telestra, and Dialog, have all been infiltrated by attackers since the beginning of the year.

Customer data was used in a cyberattack that affected the Medisys Health Group business of Telus in 2020. The company claimed at the time that it paid for the data and then securely retrieved it. Although TELUS is still keeping an eye on the potential incident, it has not yet discovered any proof that corporate or retail customer data has been stolen.



Read more »
User Privacy
Apple Cyber Security iMessage iOS Patch Fix SIM User Privacy

Apple Claims "SIM not Supported" Bug Hits iPhone 14 Series

Apple's 14th-generation iPhone launch has not gone all too well as anticipated. In its most recent announcement, Apple acknowledged that iPhone 14 users are affected by the SIM problem in iOS 16.

Apple has confirmed a new iOS 16 bug that is causing owners of the iPhone 14 inconvenience. A  message is displayed on their device that reads 'SIM not supported.' The business acknowledged the flaw and declared it is looking into the matter.

Apple strongly advises against restoring the device if the notice remains. The tech giant prefers that customers seek technical support from authorized Apple service providers or visit the nearest Apple Store. According to reports, Apple is developing a patch for this flaw and may deliver it by the end of the month.

Apple confirms in the memo that it is looking into the issue and that it is not a hardware-related one even if a fix is still pending. Since a software repair is possible, the affected iPhone 14 units would not need to be recalled. Apple advises iPhone 14 customers to wait until a fix is available because, occasionally, the error message will go away and the phones will start working normally again.

The business advised customers to 'upgrade to the current version of iOS to address the issue' if they experienced problems with Messages or FaceTime after configuring their new iPhone.

Apple stated that updating to the most recent version of iOS would fix any issues with iMessage and FaceTime not fully activating on the iPhone 14 and iPhone 14 Pro. 

Therefore, experts recommend holding off on upgrading to an iPhone 14 model until Apple has fixed more of these problems. The iOS 16.1 update is currently being developed by Apple and is anticipated to go live by the end of the month. The upcoming version will most likely include numerous new features, adjustments, and changes. A recent iOS 16.0.3 update from Apple is expected to fix a number of problems.

Read more »
User Privacy
Data Protection Bill Hackers Privacy SIM telecommunications User Privacy

Laws Regulating SIM Card Registration may Violate Private Data

The law protecting personal data in the Philippines was in the works, and it was ultimately passed. A wave of data security breaches in the nation, according to the administration, makes the new data protection measures essential.

Although it's fair to be concerned about internet theft, a progressive group called Bagong Alyansang Makabayan (Bayan) warned on Monday that the new law requiring SIM card registration could be abused to invade people's privacy.

"While abandoning privacy is a more difficult reaction, we are aware of the latest worries around internet scams. Any policy that would jeopardize the right to privacy should be viewed as dangerous," according to Renato Reyes, secretary-general of the Bayan organization. The Philippine government has a long history of violating human rights.

"The SIM register could develop into a huge network of surveillance used against people. Given that the Philippine government has experienced data leaks in the past, the data that is collected might not be kept secure," Renato Reyes stated.

President Ferdinand Marcos gave the SIM card law his first official signature since assuming office on June 30 early that day. It demonstrated the purpose of the Marcos administration to safeguard Filipinos from cybercrime, as per House Speaker Ferdinand Martin Romualdez.

Users of mobile phones are required by Republic Act No. 11934 to register their SIM cards with telecommunications companies. They would then be required to present legitimate identification cards as well as a fully completed registration form.

Those who were unable to produce a legitimate ID might instead show a clearance from the National Bureau of Investigation, a police clearance, or a birth certificate that had been approved by the Philippine Statistics Authority and had an ID photo on it.

Since authorities will be able to determine the owner of a SIM card used for the commission of a crime, even terrorism, supporters of the proposal believe it may be a tool against internet scams. Legislators recently found during hearings on text scams and spam messages sent to cell phones that insufficient regulations made it difficult for law enforcement to pursue cybercriminals.

Read more »
Vulnerabilities and Exploits
HPE Security Patch SIM Vulnerabilities and Exploits

HPE Patches the Zero-Day Vulnerabiity in Systems Insight Manager Software for Windows

 

Hewlett Packard Enterprise (HPE) has released a security update to patch critical zero-day remote code execution (RCE) vulnerability in its HPE Systems Insight Manager (SIM) software for Windows that it initially revealed in December 2020.

HPE updated its original security advisory on Wednesday. However, the SIM hotfix update kit which resolves the flaw was published more than a month ago, on April 20. HPE SIM is a management and remote support automation tool for Windows and Linux intended to be used with the company's servers, storage, and networking products, including the HPE ProLiant Gen10 and HPE ProLiant Gen9. 

Security researchers labeled the flaw (CVE-2020-7200) as an ‘extremely high-risk’ flaw. It allows attackers with no privileges to remotely execute the code and is commonly found in the latest versions (7.6.x) of HPE’s SIM software and specifically targets the Windows version. This bug allows low-complexity attacks that don’t require user interaction.

“This module exploits this vulnerability by leveraging an outdated copy of Commons Collection, namely 3.2.2, that ships with HPE SIM, to gain remote code execution as the administrative user running HPE SIM,” according to Packet Storm. The lack of proper validation of user-supplied data can lead to the deserialization of untrusted data, enabling attackers to execute code on servers running vulnerable SIM software.

HPE has released a security advisory for the system admins who are unable to deploy the CVE-2020-7200 security update on vulnerable systems. To safeguard your devices, HPE has provided mitigation measures that involve removing the “Federated Search” & “Federated CMS Configuration” features that allowed the vulnerability.

System admins who use the HPE SIM management software have to use the following procedure to block CVE-2020-7200 attacks: 

1. Stop HPE SIM Service 

2. Delete file from sim installed path del /Q /F C:\Program Files\HP\Systems Insight Manager\jboss\server\hpsim\deploy\simsearch.war 

3. Restart HPE SIM Service

4. Wait for HPE SIM web page "https://SIM_IP:50000" to be accessible and execute the following command from command prompt. mxtool -r -f tools\multi-cms-search.xml 1>nul 2>nul

By following the above procedures system admins can be prevented from being exploited by potential attackers, it will also mean that HPE SIM users can no longer use the federated search feature.
Read more »
Subscribe to: Posts (Atom)