INSUBCONTINENT EXCLUSIVE:
A new SIM card flaw has been discovered by security researchers who say that more than a billion smartphones could be at risk as threat
actors are currently exploiting it in the wild.The vulnerability, called Simjacker, was found in mobile SIM cards by researchers at
AdaptiveMobile Security and it is being used to track user's locations, intercept calls and more all by sending an SMS message to a
victim's smartphone.The researchers released a blog post in which they disclosed the vulnerability and explained that Simjacker has been
vulnerability is currently being actively exploited by a specific private company that works with governments to monitor individuals
Simjacker and its associated exploits is a huge jump in complexity and sophistication compared to attacks previously seen over mobile core
The main Simjacker attack involves an SMS containing a specific type of spyware-like code being sent to a mobile phone, which then instructs
launch attacks against individuals and telecoms including fraud, scam calls, information leakage, denial of service and espionage
Since the vulnerability is linked to a technology embedded on SIM cards and not to a particular device, it has the potential to affect every
smartphone which uses a SIM card regardless of the make or model.The attack itself stems from a technology built in to SIM cards called S@T
Browser which stands for SIMalliance Toolbox Browser
Although the technology is generally used for browsing through a SIM card, it can also be used for a number of functions such as opening a
browser, setting up calls, playing a ring tone and more
Once a threat actor has used Simjacker to have a smartphone open a browser, they can even instruct the targeted device to open known
malicious sites to infect the device with malware.AdaptiveMobile Security has not yet named the group which has been exploiting the
degree of certainty, that the source is a large professional surveillance company, with very sophisticated abilities in both signaling and
while looking for other variants of Simjacker exploits.Via Threat Post
