The Simjacker vulnerability could extend to over 1 billion mobile phone users globally.
As time passes, we’re witnessing more exploits building upon the usage of sim cards including the ever-famous sim swapping method. To add to these, just recently, AdaptiveMobile Security had released details of a previously undiscovered exploit dubbing it as SimJacking. How it apparently works is illustrated very simply with the help of a diagram below, however, there’s more to its intricacies.
As seen, the attacker sends an SMS containing a specific kind of spyware to the phone of the victim which extracts location data and then sends it back to the attacker. Cathal from AdaptiveMobile Security offers a deeper look,
See: Hackers can break into Android devices by sending a text
“This Simjacker Attack Message, sent from another handset, a GSM Modem or an SMS sending account connected to an A2P account, contains a series of SIM Toolkit (STK) instructions, and is specifically crafted to be passed on to the UICC/eUICC (SIM Card) within the device.”
“In order for these instructions to work, the attack exploits the presence of a particular piece of software, called the S@T Browser – that is on the UICC. Once the Simjacker Atta ..
Support the originator by clicking the read the rest link below.