Tuesday, June 18, 2024

Simjacker Vulnerability – Attackers take Control Over Mobile Phones via an SMS Message

Security researchers disclosed a new attack dubbed Simjacker, that can be exploited by sending an SMS containing a specific type of spyware codes.

The vulnerability found to be actively exploited for more than 2 years by a private company that works for the government to monitor the individuals.

How the Attack Works

The Simjacker attack starts with an SMS message that includes spyware-like code sent to the targeted recipient’s mobile phone, which instructs SIM card to send another SMS with details such as location/terminal information, without any user interaction.

The attack abuses S@T Browser(SIMalliance Toolbox Browser) functionality on the SIM card to trigger the commands that are sent to the handset and the responses to the command are stored temporarily in the SIM card.

Then once it obtains relevant information from the handset, another proactive command sent to the headset instructing to send an SMS with the information collected. The collected information includes location and IMEI number of the headset.

According to AdaptiveMobile Security research, other types of attack are also possible using the S@T Browser, including location tracking, fraud, denial of service, malware spreading and call interception.

“AdaptiveMobile Security research indicates that the Simjacker vulnerability could extend to over 1 billion mobile phone users globally, potentially impacting countries in the Americas, Africa, Europe, the Middle East and indeed any region of the world where this SIM card technology is in use. “

The vulnerability is due to the improper validation of messages that use ” S@T Browser, and SIMs allow data download via SMS.”

This attack is also unique, in that the Simjacker Attack Message could logically be classified as carrying a complete malware payload, specifical spyware reads AdaptiveMobile Security report.

Who is Conducting this Attack

AdaptiveMobile said that the attack was conducted by a private company working for the government, also the same company has control over SS7 core, because when Simjacker attack failed they are targeted using SS7 attacks.

“In one country we are seeing roughly 100-150 specific individual phone numbers being targeted per day via Simjacker attacks, although we have witnessed bursts of up to 300 phone numbers attempting to be tracked in a day, the distribution of tracking attempts varies.”

The attack targets all the devices including Apple, ZTE, Motorola, Samsung, Google, Huawei, and even IoT devices with SIM cards.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity and hacking news updates.


Latest articles

Singapore Police Arrested Two Individuals Involved in Hacking Android Devices

The Singapore Police Force (SPF) has arrested two men, aged 26 and 47, for...

CISA Conducts First-Ever Tabletop Exercise Focused on AI Cyber Incident Response

On June 13, 2024, the Cybersecurity and Infrastructure Security Agency (CISA) made history by...

Europol Taken Down 13 Websites Linked to Terrorist Operations

Europol and law enforcement agencies from ten countries have taken down 13 websites linked...

New ARM ‘TIKTAG’ Attack Impacts Google Chrome, Linux Systems

Memory corruption lets attackers hijack control flow, execute code, elevate privileges, and leak data.ARM's...

Operation Celestial Force Employing Android And Windows Malware To Attack Indian Users

A Pakistani threat actor group, Cosmic Leopard, has been conducting a multi-year cyber espionage...

Hunt3r Kill3rs Group claims they Infiltrated Schneider Electric Systems in Germany

The notorious cybercriminal group Hunt3r Kill3rs has claimed responsibility for infiltrating Schneider Electric's systems...

Hackers Employing New Techniques To Attack Docker API

Attackers behind Spinning YARN launched a new cryptojacking campaign targeting publicly exposed Docker Engine...
Guru baran
Guru baranhttps://gbhackers.com
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Free Webinar

API Vulnerability Scanning

71% of the internet traffic comes from APIs so APIs have become soft targets for hackers.Securing APIs is a simple workflow provided you find API specific vulnerabilities and protect them.In the upcoming webinar, join Vivek Gopalan, VP of Products at Indusface as he takes you through the fundamentals of API vulnerability scanning..
Key takeaways include:

  • Scan API endpoints for OWASP API Top 10 vulnerabilities
  • Perform API penetration testing for business logic vulnerabilities
  • Prioritize the most critical vulnerabilities with AcuRisQ
  • Workflow automation for this entire process

Related Articles