SimJacker, a newly discovered vulnerability, has been linked to widely used software on SIM cards that are in common use across 30 countries.
In what appears to be a critical threat, the flaw is exploited simply by sending a text message to a target device, which in turn activates specific SIM card instructions. These can be used to spy on the live location of individuals, send fake messages on behalf of the device owner, make fraudulent calls, force-install malware, steal critical information and carry out other such serious acts.
The flaw was discovered by AdaptiveMobile Security, a front-line provider of real-time cyber-telecom security technologies.
To execute such an attack, the attacker only has to send a message that resembles a system message but actually carries malicious code that communicates directly with the SIMalliance Toolbox Browser (or S@T Browser), a piece of software that is present on a large volume of SIM cards across many nations.
AdaptiveMobile states that S@T Browser is a legacy protocol. Because it is still present on SIM cards, however, attackers are making use of its ability to take actions such as sending system messages, setting up an operator call, launching specific browser links and sending requisite data to a target address.
As a result, sensitive data such as live location, device IMEI number and more are being collected in what appears to be a silent espionage project.
What is particularly alarming is that the vulnerability arose due to a flaw in the over-the-air update system message.
It works completely in the background, thereby serving as a deadly surveillance tool for any agency with such intentions. Furthermore, the SimJacker vulnerability is device agnostic. It works with the same intensity across devices made by OEMs such as Apple, Samsung, Google and Huawei, all leaders in the smartphone space.
The threat is also imminent on IoT devices that employ certain builds of eSIM, further expanding its potential reach to what AdaptiveMobile refers to as “over a billion individuals across the world”.