1 Billion Mobile Users at Risk of ‘SimJacker’ Surveillance Attack
Tech researchers are warning that a vulnerability present in up to a billion SIM cards in use worldwide can be exploited with something as simple as an SMS message sent to victims.
The exploit is known by researchers as the SimJacker vulnerability, which has the potential to track an owner’s location, intercept calls, messages and other sensitive data while the victim remains oblivious that their phone has been compromised. It is rumoured to have originated from espionage programs used by nation states.
According to reports from AdaptiveMobile Security, “the glitch has been exploited for the past two years by ‘a specific private company that works with governments to monitor individuals’ across a variety of global telecommunications networks.”
“Simjacker has been further exploited to perform many other types of attacks against individuals and mobile operators such as fraud, scam calls, information leakage, denial of service and espionage,” researchers at AdaptiveMobile said in a post published earlier this week.
“We can say with a high degree of certainty, that the source is a large professional surveillance company, with very sophisticated abilities in both signalling and handsets.”
AdaptiveMobile “observed the hackers vary their attacks, testing many of these further exploits. In theory, all makes and models of mobile phones are open to attack as the vulnerability is linked to a technology embedded on SIM cards.”
The vulnerability originates from a specific piece of technology found inside a number of SIM cards, called the S@T Browser (SIMalliance Toolbox Browser). Once accessed remotely, it allows a third party to essentially take control over key functions on the phone, including but not limited to accessing web browsers and location data, as well as other private information.
“The location information of thousands of devices was obtained over time without the knowledge or consent of the targeted mobile phone users,” AdaptiveMobile said. “During the attack, the user is completely unaware that they received the attack, that information was retrieved, and that it was successfully exfiltrated. However, the Simjacker attack can, and has been extended further to perform additional types of attacks.”
ThreatPost is reporting that “once they have sent the message, attackers can launch an array of attacks utilizing the S@T browser, including: location tracking, fraud, denial of service, malware spreading and call interception. Using the attack, bad actors can also launch commands like playing a ringtone, sending short messages, setting up calls and more.”
The analysts have provided the following guidelines to mitigate risk:
Determine whether existing network equipment can be configured to filter binary SMS messages from unauthorised sources.
Consider whether current firewalls are merely GSMA document ‘compliant’. “These GSMA documents should really only be used as a starting point for more effective protection,” according to researchers.
Review the ongoing investigation and research you are doing on what is being encountered in your network.
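The first guideline, filtering binary SMS from unauthorised sources, can be sketched as follows. This is an added example, not code from AdaptiveMobile or the GSMA: it assumes the filter sees the raw SMS-DELIVER TPDU, also treats the SIM data download protocol identifier (TP-PID 0x7F) as binary, and the allowlist, function names and sample messages are hypothetical and constructed.

```python
# Added example. Field layout follows the SMS-DELIVER TPDU in 3GPP TS 23.040.
ALLOWED_OTA_SOURCES = {"15550100"}  # hypothetical operator OTA platform number

def parse_sms_deliver(tpdu_hex):
    """Return sender, TP-PID and TP-DCS from an SMS-DELIVER TPDU (hex string)."""
    b = bytes.fromhex(tpdu_hex)
    if len(b) < 2 or b[0] & 0x03 != 0x00:      # TP-MTI 00 = SMS-DELIVER
        raise ValueError("not a parseable SMS-DELIVER")
    digits = b[1]                               # TP-OA length in semi-octets
    end_oa = 3 + (digits + 1) // 2              # first octet + length + TOA + address
    if len(b) < end_oa + 2:
        raise ValueError("truncated before TP-PID/TP-DCS")
    ton = (b[2] >> 4) & 0x07                    # type of number from the TOA octet
    # Numeric addresses are swapped-nibble BCD. Alphanumeric ones (TON 5) are
    # not decoded here, so they can never match the allowlist.
    number = "".join(f"{o & 0x0F:x}{o >> 4:x}" for o in b[3:end_oa])[:digits]
    return {"sender": None if ton == 5 else number,
            "pid": b[end_oa], "dcs": b[end_oa + 1]}

def is_8bit_data(dcs):
    """True when TP-DCS selects the 8-bit data alphabet."""
    if dcs & 0xC0 == 0x00:                      # general data coding group
        return dcs & 0x0C == 0x04
    if dcs & 0xF0 == 0xF0:                      # data coding / message class group
        return bool(dcs & 0x04)
    return False

def verdict(tpdu_hex, allowed=ALLOWED_OTA_SOURCES):
    """'allow', 'block', or 'review' for TPDUs that cannot be parsed."""
    try:
        f = parse_sms_deliver(tpdu_hex)
    except ValueError:
        return "review"
    binary = f["pid"] == 0x7F or is_8bit_data(f["dcs"])  # 0x7F = SIM data download
    if not binary:
        return "allow"
    return "allow" if f["sender"] in allowed else "block"

def sample(first, toa, addr, pid, dcs):
    """Build a constructed TPDU: 8-digit sender, fixed timestamp, 2 filler octets."""
    return f"{first}08{toa}{addr}{pid}{dcs}" + "91902101000000" + "02" + "0000"

if __name__ == "__main__":
    for name, tpdu in [("text, unknown sender", sample("04", "91", "51551032", "00", "00")),
                       ("binary, unknown sender", sample("44", "91", "51551032", "7F", "F6")),
                       ("binary, OTA platform", sample("44", "91", "51551000", "7F", "F6"))]:
        print(f"{name}: {verdict(tpdu)}")
```
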
The GSMA, a body representing around 800 of the world’s largest mobile network providers, has responded to the claims, specifying that “the potential vulnerability is understood to not be widespread and mitigations have been developed for affected mobile networks to implement.”
It continued to explain that “the GSMA has worked with researchers and the mobile industry to create guidance for its members about how to identify which sims are impacted and ways to block these malicious messages, and has been working with the impacted member operators to help implement these mitigations.”