Simjacker vulnerability lets attackers track your location with an SMS

Simjacker vulnerability lets attackers track your location with an SMS

The Simjacker vulnerability could extend to over 1 billion mobile phone users globally.


As time passes, we’re witnessing more exploits building upon the usage of sim cards including the ever-famous sim swapping method. To add to these, just recently, AdaptiveMobile Security had released details of a previously undiscovered exploit dubbing it as SimJacking. How it apparently works is illustrated very simply with the help of a diagram below, however, there’s more to its intricacies.



Example of how Simjacker vulnerability can track mobile phone location of vulnerable subscribers – Image from AdaptiveMobile.


As seen, the attacker sends an SMS containing a specific kind of spyware to the phone of the victim which extracts location data and then sends it back to the attacker. Cathal from AdaptiveMobile Security offers a deeper look,


See: Hackers can break into Android devices by sending a text


“This Simjacker Attack Message, sent from another handset, a GSM Modem or an SMS sending account connected to an A2P account, contains a series of SIM Toolkit (STK) instructions, and is specifically crafted to be passed on to the UICC/eUICC (SIM Card) within the device.”


“In order for these instructions to work, the attack exploits the presence of a particular piece of software, called the S@T Browser – that is on the UICC. Once the Simjacker Atta ..

Support the originator by clicking the read the rest link below.