The vulnerability in sim cards may make more than 1 billion mobile phone users tracked worldwide

​​​​​​​Researchers at security firm AdaptiveMobile Security have just released a report of a new vulnerability called "Simjacker" that allows bad guys to use the SIM cards on your phone to spy on you.

According to PhoneArena, many mobile phone models of many manufacturers in the market can be taken advantage of by Simjacker flaw. About over 1 billion devices have been affected worldwide. AdaptiveMobile Security said it believed that the vulnerability was developed by a private company working with governments to track the locations of individuals around the world. This vulnerability allows a bad guy to collect IMEI-specific numbers for each phone.

mobilethreatskull

Some SIM cards supported by GSM carriers contain something called the S@T browser included in the SIM Application Toolkit. When S@T is used to launch browsers (like the WAP browsers that were available on previous feature phones), Simjacker will send a binary SMS to the browser with instructions for it to collect location data and the IMEI number then send the obtained information to an "accomplice device" also using binary SMS.

Because today's smartphones use HTML browsers, the S@T browser is redundant. Nevertheless, AdaptiveMobile Security discovered that carriers in 30 countries with more than 1 billion mobile phone users are still activating S@T technology. Perhaps the number of affected devices will be lower because many carriers no longer use SIM cards equipped with S @ T browser technology.

Some phone numbers have been tracked hundreds of times within a week

1985979

The AdaptiveMobile Security report showed that many individuals were being monitored daily by Simjacker. In particular, there were telephone numbers being tracked hundreds of times over a period of 7 days.

Tracking a flawed device requires a cheap GSM modem to send messages to the SIM card containing the S@T browser technology. Using binary SMS which unlike traditional text messages, phones can be instructed to collect information and pass it on to the bad guy behind the incident. The report emphasized: "During the attack, users were completely unaware that they were being hacked, that their information had been successfully extracted and transferred."

The tracking activities through Simjacker have now been expanded to "carry out many other types of attacks against individuals and carriers, such as scams, spam calls, information leaks, refusals to provide service and espionage."

The only positive thing about this type of attack is that it relies on old technology which was theoretically removed. But until S@T technology is completely wiped out from every SIM card, Simjacker remains a threat. And now, according to AdaptiveMobile Security's Cathal Mc Daid, "now that the vulnerability has been discovered, it is certain that the villain behind the vulnerability and other bad guys will find a way to transform this type of attack into other areas".

The GSM Association says it is aware of the Simjacker flaw and will work with researchers and the mobile industry to find out which SIM cards are affected, and how to block malicious messages from being sent.

By: Joe Cook

Videos | Jokes | Travel | Insurance | Technology | Food | Life | Fashion | Beauty | Entertainment