Defend what you create

Other Resources

Close

Library
My library

+ Add to library

Contact us
24/7 Tech support

Send a message

Your tickets

Profile

SIM Toolkit (CVE-2015-3843)

Vulnerability in the SIM Application Toolkit (STK) subsystem. It is a set of tools that allows a SIM card to initiate and execute different commands in order to implement additional functions (the mentioned technology is used, for example, to form a SIM menu of the communications service provider). Vulnerability CVE-2015-3843, which is detected in Android 5.1 and earlier, allows cybercriminals to intercept and emulate SIM commands. It can be used, for example, to create fake windows during a confirmation of financial transactions.

Dr.Web Anti-virus for Android detects and removes malicious applications that use the CVE-2015-3843 vulnerability, even on attempt to install them on the attacked device, so users of Dr.Web Anti-virus are effectively protected from such Trojans.

Technical details

Vulnerability in SIM Application Toolkit (STK), which is a part of a standard Android framework, allows to intercept commands sent by the SIM card to the device. The malicious program can create the Parcelable object and then send it to the class com.android.stk.StkCmdReceiver. The class does not check the sender, and the action android.intent.action.stk.command is not indicated in the manifest file as a protected message, so cybercriminals get the opportunity to emulate sending of SIM card commands.

For example, when making a transaction with a mobile banking application, the SIM card asks for confirmation of the operation by displaying a message with buttons “OK” and “Cancel”. Via the action android.intent.action.stk.command, cybercriminal can create a fake window with an arbitrary text and display it a moment earlier than the SIM card generates the original message. Thus, the user will not see the original text until they click one of the offered buttons. If they click “OK”, method sendResponse() with the flag “true” will be called. As the result, the SIM card, which waits for user actions, will receive the command “OK”. This command will be proceeded as one received from the original dialog box.

See also information about other vulnerabilities

The Russian developer of Dr.Web anti-viruses

Doctor Web has been developing anti-virus software since 1992

Dr.Web is trusted by users around the world in 200+ countries

The company has delivered an anti-virus as a service since 2007

24/7 tech support

© Doctor Web
2003 — 2018

Doctor Web is the Russian developer of Dr.Web anti-virus software. Dr.Web anti-virus software has been developed since 1992.

2-12А, 3rd street Yamskogo polya, Moscow, Russia, 125040