A new SIM card flaw has been discovered by security researchers who say that more than a billion smartphones could be at risk as threat actors are currently exploiting it in the wild.
The vulnerability, called Simjacker, was found in mobile SIM cards by researchers at AdaptiveMobile Security and it is being used to track user’s locations, intercept calls and more all by sending an SMS message to a victim’s smartphone.
The researchers released a blog post in which they disclosed the vulnerability and explained that Simjacker has been exploited by a private company over the past two years, saying:
- SIM hijacking and the flaws of traditional two-factor authentication
“This vulnerability is currently being actively exploited by a specific private company that works with governments to monitor individuals. Simjacker and its associated exploits is a huge jump in complexity and sophistication compared to attacks previously seen over mobile core networks. The main Simjacker attack involves an SMS containing a specific type of spyware-like code being sent to a mobile phone, which then instructs the SIM Card within the phone to ‘take over’ the mobile phone to retrieve and perform sensitive commands.”
Simjacker has already been used to launch attacks against individuals and telecoms including fraud, scam calls, information leakage, denial of service and espionage. Since the vulnerability is linked to a technology embedded on SIM cards and not to a particular device, it has the potential to affect every smartphone which uses a SIM card regardless of the make or model.
The attack itself stems from a technology built in to SIM cards called S@T Browser which stands for SIMalliance Toolbox Browser. Although the technology is generally used for browsing through a SIM card, it can also be used for a number of functions such as opening a browser, setting up calls, playing a ring tone and more. Once a threat actor has used Simjacker to have a smartphone open a browser, they can even instruct the targeted device to open known malicious sites to infect the device with malware.
AdaptiveMobile Security has not yet named the group which has been exploiting the Simjacker vulnerability in the wild though they did provide more details on who they think it might be, saying:
“We can say with a high degree of certainty, that the source is a large professional surveillance company, with very sophisticated abilities in both signaling and handsets.”
The researchers have submitted details on the exploit to GSMA and they promise to continue investigating how the attacks function while looking for other variants of Simjacker exploits.
Via Threat Post