A SIM card exploit could spy on more than a billion mobile phone users around the world




Researchers from the security company AdaptiveMobile Security have released a report (via TNW) on a new vulnerability called Simjacker that uses your phone's SIM card to spy on you. Because Simjacker works against all brands and models of mobile phone, more than one billion handsets could be affected worldwide. The research company said it believes the exploit was developed by a private company that works with governments to monitor the location of individuals around the world. The exploit can also help attackers obtain each phone's unique IMEI number.
Some SIM cards provided by GSM operators contain what is called the S@T Browser, part of the SIM Application Toolkit. It was once used to launch browsers (such as the WAP browsers found on feature phones back in the day). Simjacker sends a binary SMS message to the S@T Browser with instructions to obtain location data and IMEI numbers and then send the information to an "accomplice device", also using binary SMS. Now that smartphones can use HTML browsers, the S@T Browser has become obsolete. Despite this, AdaptiveMobile Security discovered that S@T technology was active at operators in 30 countries representing more than one billion mobile phone users. This could overstate the actual number of people affected by the exploit, as many operators no longer use SIM cards equipped with S@T Browser technology.

Some numbers have been tracked hundreds of times over the course of a week

The report states that Simjacker is used to track people daily and that some phone numbers are tracked hundreds of times over a seven-day period. To spy on a vulnerable phone, a cheap GSM modem must send a message to a SIM card containing S@T Browser technology. Using binary SMS, which is not the same as an ordinary text message, the phone can be instructed to collect the requested information and send it to a bad actor. The research report states that "during the attack, the user is completely unaware that he has received the attack, that this information was retrieved and that it was successfully exfiltrated".

Simjacker's surveillance activities have also been expanded to "carry out many other types of attacks against individuals and mobile operators, such as fraud, scams, information leaks, denial of service and espionage". The only good thing about this attack is that it relies on older technology that should, in theory, be phased out. But until S@T technology is completely removed from all SIM cards, Simjacker remains a threat. Cathal Mc Daid, chief technology officer at AdaptiveMobile Security, said, "Now that this vulnerability has been revealed, we expect the perpetrators of this exploit and other malicious actors to try to scale these attacks in other areas."

The GSM Association states that it has been informed about Simjacker and has worked with the researchers and the mobile industry to find out which SIM cards are affected and how to block the malicious messages being sent.
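
As a defensive illustration of the message filtering mentioned above, the following added example (not from the report or the original article) parses the header of an SMS-DELIVER TPDU and flags messages addressed to the SIM rather than to the user. It assumes the field values defined in 3GPP TS 23.040 and TS 23.038 (TP-PID 0x7F for SIM data download, 8-bit class 2 data coding), which the article does not give; the function names and sample PDUs are constructed.

```python
# Added example. Field meanings follow 3GPP TS 23.040 / 23.038 (assumption:
# the article itself does not list them). Sample PDUs are constructed.
SIM_DATA_DOWNLOAD_PID = 0x7F  # TP-PID value "(U)SIM Data download"

def parse_deliver_header(tpdu: bytes) -> dict:
    """Parse the fixed header of an SMS-DELIVER TPDU (no SMSC prefix)."""
    if len(tpdu) < 2:
        raise ValueError("truncated TPDU")
    first = tpdu[0]
    if first & 0x03 != 0x00:              # TP-MTI must be 00 for SMS-DELIVER
        raise ValueError("not an SMS-DELIVER")
    oa_digits = tpdu[1]                   # originating address length in digits
    pos = 3 + (oa_digits + 1) // 2        # skip length, type-of-address, BCD digits
    if len(tpdu) < pos + 10:              # PID + DCS + 7-octet timestamp + UDL
        raise ValueError("truncated TPDU")
    return {"udhi": bool(first & 0x40), "pid": tpdu[pos], "dcs": tpdu[pos + 1],
            "udl": tpdu[pos + 9], "ud": tpdu[pos + 10:]}

def decode_dcs(dcs: int):
    """Return (is_8bit_data, message_class or None) for a TP-DCS octet."""
    group = dcs >> 4
    if group <= 0x7:                      # general data coding / auto-delete groups
        is_8bit = ((dcs >> 2) & 0x3) == 1
        msg_class = (dcs & 0x3) if (dcs & 0x10) else None
    elif group == 0xF:                    # data coding / message class group
        is_8bit = bool(dcs & 0x04)
        msg_class = dcs & 0x3
    else:                                 # reserved and message-waiting groups
        is_8bit, msg_class = False, None
    return is_8bit, msg_class

def flag_sim_targeted(tpdu: bytes) -> list:
    """Return the reasons a message looks SIM-addressed; empty list if none."""
    hdr = parse_deliver_header(tpdu)
    is_8bit, msg_class = decode_dcs(hdr["dcs"])
    reasons = []
    if hdr["pid"] == SIM_DATA_DOWNLOAD_PID:
        reasons.append("TP-PID 0x7F (SIM data download)")
    if is_8bit and msg_class == 2:
        reasons.append("8-bit data, class 2 (SIM-specific)")
    return reasons

# Constructed samples: an ordinary 7-bit text ("Hi") and a SIM-addressed
# binary message whose payload is inert placeholder bytes.
ORDINARY = bytes.fromhex("04 0B 91 10 32 54 76 98 F0 00 00 91 90 21 21 00 00 00 02 C8 34")
SIM_BINARY = bytes.fromhex("44 0B 91 10 32 54 76 98 F0 7F F6 91 90 21 21 00 00 00 05 02 70 00 00 00")

if __name__ == "__main__":
    for name, pdu in (("ordinary", ORDINARY), ("sim_binary", SIM_BINARY)):
        print(name, flag_sim_targeted(pdu) or "not flagged")
```

An operator would treat a non-empty result as grounds to block or alert when the sender is not one of its own over-the-air provisioning platforms.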
