Simjacker: the weakness of smartphones’ SIM cards

It is possibly one of the next generations of threats to computer security. A hole that leaves a new spy technique on a silver platter. They have defined it as Simjacker. A group of researchers from the security firm Adaptive Mobile Security have discovered a flaw in some SIM card models that allow hacking a mobile phone by sending a simple text or  message, through which they can discover geolocation information of the infected user.

Adaptive Mobile Security believes that this vulnerability “has been exploited for at least two years by a threatening and sophisticated actor in several countries, mainly for surveillance purposes.” They describe Simjacker and its associated exploits as “a great leap in complexity and sophistication compared to other attacks seen previously.” Worst of all, there is nothing that users can do, only operators can tackle the problem.

It is not a specific problem of Android, iOS or any other mobile platform, but of the SIM cards used in any of these terminals. The problem is based on the use of a specially formatted SMS message that ends up arriving at the so-called UICC (Universal Integrated Circuit Card), the smart card that allows SIM cards to do their job.

Simjacker exploits a vulnerability of SIM cards to take control of some of our device data. The attack comes through an SMS that skips the operating system to access a piece of software known as S@T Browser. Through this type of attacks on the SIM it seems possible to spy on the location of any phone number

The operation is achieved, because the message contains orders for software that has been part of the cards for more than a decade, which is called S@T Browser and whose functions were that the operators knew how many minutes for calls they had left. a user at the end of the month

It should be noted that, currently S @ T Browser is no longer used, but it has not been updated since 2009, so the hackers have taken advantage of the weaknesses that they have left free, as operators in many countries continue to integrate this program as Part of your cards.

Adaptive Mobile Security estimates that more than 1 billion users are potentially affected by this vulnerability, but stress that it is not an exact figure.

Comments are closed.