SIMJACKER: Your phone can be hacked by just an SMS

Image by Biljana Jovanovic from Pixabay 
Recently, I shared an article based on a SIM swapping attack, where a cybercriminal hijacks your SIM by using the SIM card swapping technic to compromise all the accounts linked to a SIM card. But in Sep 2019 AdaptiveMobile Security identified a dangerous vulnerability in SIM cards that could be used by hackers to compromise targeted mobile phones and spy on victims just by sending an SMS. This means any type of mobile phone model you are using is hackable because this vulnerability is linked to a technology embedded on SIM cards.

So if you want to know more about this, read this article.

What is Simjacker Vulnerability?

Simjacker vulnerability is situated in a piece of software, called the S@T Browser (a dynamic SIM toolkit) that comes installed on a variety of SIM, eSIM cards, as part of SIM Tool Kit. And it is used by mobile operators to send specially crafted messages which are not regular messages; they’re binary codes, used to process special instructions and offer some basic services, subscriptions, to there customers. Cybercriminals use it to send spyware-like code using SMS to a
mobile phone. To get that instructs the UICC (SIM Card) within the phone to ‘take over’ the mobile phone, in order to perform sensitive commands.

Unfortunately, it is embedded on most SIM cards that are widely being used by mobile carriers in at least 30 countries.

The Attacker Could Exploit The Flaw To:

  • Retrieve information like location, IMEI, language, radio type, battery level, etc.
  • Sending fake messages to spread mis-information.
  • Dial premium-rate numbers to perform premium-rate scams.
  • Spy on victims, devices could function as a listening device, by ringing a number.
  • Spread malware by opening a malicious web page in the victim’s phone browser.
  • Disable the SIM card by performing denial of service attacks.

The experts revealed that In this attack, the victim is unaware that they obtain the attack, and also they observed this attack against users with the most popular mobile devices manufactured by Apple, Google, Huawei, Motorola, and Samsung. That means almost any mobile phone model is vulnerable to the SimJacker attack because this vulnerability embedded on SIM cards and its specifications are the same since 2009. This vulnerability could increase over one billion mobile users globally, and impacting any region of the world, where this SIM technology is in use.

Who Is Exploiting This, And Why?

According to AdaptiveMobile Security, this exploit has been developed by a particular private company that works with governments to monitor individuals.

How Can You Avoid Simjacking

According to security experts out there, no stand-alone method exists for users to stop simjacking which means, every user needs to be extra careful of using their mobile number, how to interact via SMS and how they keep all digital accounts secure you should have avoided using outdated SIM menu apps, as well as try to block SMS code containing dangerous commands. And ensure, that no matter what information the attacker has about you, it won’t be enough to get a new SIM issued on your number.

But There’s Some Good News.

This attack requires fairly in-depth knowledge of mobile networking protocols and expensive gear, the Simjacker attack is far simpler and special skills, which means that the method is not likely to be deployed by every hacker. Researchers said this attack is simpler and cheaper. This attack needs a $10 GSM modem and a victim's phone.

The Simjacker attacks are reported to the GSM Association. So companies will take all protective measures at the earliest opportunity.

CONCLUSION:- This article is all about simjacking. If you have any queries feel free to ask in the comment section.