The vulnerability in sim cards may make more than 1 billion mobile phone users tracked worldwide
- ConsenSys and AMD develop blockchain-based cloud computing infrastructure
- Google Drive, Apple iCloud and Dropbox: Which is the best cloud storage?
- Benefits of ERP technology in cloud computing
- 5 reasons why enterprises should use cloud computing
- The combination of cloud computing and virtual private network
- Microsoft arrangements to utilize ARM chips for cloud computing
- Cloud computing - A simple explanation
- Adobe earns big on 'the cloud'
- New Window Server: Breakthrough on cloud security (Part 2)
- New Window Server: Breakthrough on cloud security (Part 1)
According to PhoneArena, many mobile phone models of many manufacturers in the market can be taken advantage of by Simjacker flaw. About over 1 billion devices have been affected worldwide. AdaptiveMobile Security said it believed that the vulnerability was developed by a private company working with governments to track the locations of individuals around the world. This vulnerability allows a bad guy to collect IMEI-specific numbers for each phone.
Some SIM cards supported by GSM carriers contain something called the S@T browser included in the SIM Application Toolkit. When S@T is used to launch browsers (like the WAP browsers that were available on previous feature phones), Simjacker will send a binary SMS to the browser with instructions for it to collect location data and the IMEI number then send the obtained information to an "accomplice device" also using binary SMS.
Because today's smartphones use HTML browsers, the S@T browser is redundant. Nevertheless, AdaptiveMobile Security discovered that carriers in 30 countries with more than 1 billion mobile phone users are still activating S@T technology. Perhaps the number of affected devices will be lower because many carriers no longer use SIM cards equipped with S @ T browser technology.
Some phone numbers have been tracked hundreds of times within a week
The AdaptiveMobile Security report showed that many individuals were being monitored daily by Simjacker. In particular, there were telephone numbers being tracked hundreds of times over a period of 7 days.
Tracking a flawed device requires a cheap GSM modem to send messages to the SIM card containing the S@T browser technology. Using binary SMS which unlike traditional text messages, phones can be instructed to collect information and pass it on to the bad guy behind the incident. The report emphasized: "During the attack, users were completely unaware that they were being hacked, that their information had been successfully extracted and transferred."
The tracking activities through Simjacker have now been expanded to "carry out many other types of attacks against individuals and carriers, such as scams, spam calls, information leaks, refusals to provide service and espionage."
The only positive thing about this type of attack is that it relies on old technology which was theoretically removed. But until S@T technology is completely wiped out from every SIM card, Simjacker remains a threat. And now, according to AdaptiveMobile Security's Cathal Mc Daid, "now that the vulnerability has been discovered, it is certain that the villain behind the vulnerability and other bad guys will find a way to transform this type of attack into other areas".
The GSM Association says it is aware of the Simjacker flaw and will work with researchers and the mobile industry to find out which SIM cards are affected, and how to block malicious messages from being sent.
By: Joe Cook