Thursday, March 28, 2024

Simjacker Vulnerability – Attackers take Control Over Mobile Phones via an SMS Message

Security researchers disclosed a new attack dubbed Simjacker, which can be exploited by sending an SMS containing a specific type of spyware-like code.

The vulnerability was found to have been actively exploited for more than 2 years by a private company that works for the government to monitor individuals.

How the Attack Works

The Simjacker attack starts with an SMS message containing spyware-like code sent to the targeted recipient's mobile phone. The message instructs the SIM card to send another SMS with details such as location and terminal information, without any user interaction.

The attack abuses the S@T Browser (SIMalliance Toolbox Browser) functionality on the SIM card to trigger commands that are sent to the handset. The responses to these commands are stored temporarily on the SIM card.

Once the relevant information has been obtained from the handset, another proactive command is sent to the handset instructing it to send an SMS with the collected information. The collected information includes the location and IMEI number of the handset.

According to AdaptiveMobile Security research, other types of attack are also possible using the S@T Browser, including location tracking, fraud, denial of service, malware spreading and call interception.

“AdaptiveMobile Security research indicates that the Simjacker vulnerability could extend to over 1 billion mobile phone users globally, potentially impacting countries in the Americas, Africa, Europe, the Middle East and indeed any region of the world where this SIM card technology is in use.”

The vulnerability is due to the improper validation of messages that use “S@T Browser, and SIMs allow data download via SMS.”

This attack is also unique in that the Simjacker Attack Message could logically be classified as carrying a complete malware payload, specifically spyware, reads the AdaptiveMobile Security report.
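On the network side, messages of the kind described above can be singled out by their header alone: under the 3GPP specifications an SMS is passed to the SIM as a data download when its TP-PID is 0x7F and its TP-DCS marks it as class 2. The following is an added example, not code from the article or the AdaptiveMobile report, that classifies SMS-DELIVER TPDUs on those two fields; the sender allowlist, phone numbers and sample TPDUs are constructed assumptions.

```python
# Added example: triage SMS-DELIVER TPDUs (3GPP TS 23.040) that address the SIM.
PID_SIM_DATA_DOWNLOAD = 0x7F  # TP-PID "(U)SIM Data Download"

# Assumption: hypothetical allowlist of the operator's own OTA platform senders.
TRUSTED_OTA_SENDERS = {"15550100001"}

# Constructed sample TPDUs (no SMSC prefix); numbers and payload bytes are dummies.
SCTS = "42308221436500"                                        # dummy timestamp
NORMAL = "040B915155100000F1" + "0000" + SCTS + "02E834"       # plain text SMS
SIM_TRUSTED = "040B915155100000F1" + "7FF6" + SCTS + "0400000000"
SIM_UNTRUSTED = "040B915155100090F9" + "7FF6" + SCTS + "0400000000"


def message_class(dcs):
    """Return the message class (0-3) encoded in TP-DCS, or None if absent."""
    if (dcs & 0xC0) == 0x00 and (dcs & 0x10):  # general group, class bits valid
        return dcs & 0x03
    if (dcs & 0xF0) == 0xF0:                   # data coding / message class group
        return dcs & 0x03
    return None


def parse_deliver(tpdu_hex):
    """Extract sender, TP-PID and TP-DCS from an SMS-DELIVER TPDU."""
    b = bytes.fromhex(tpdu_hex)
    if len(b) < 3 or (b[0] & 0x03) != 0:       # TP-MTI 00 = SMS-DELIVER
        raise ValueError("not an SMS-DELIVER TPDU")
    digits = b[1]                              # TP-OA length in semi-octets
    oa_end = 3 + (digits + 1) // 2             # length + type-of-address + digits
    if len(b) < oa_end + 2 + 7 + 1:            # PID, DCS, SCTS, UDL must follow
        raise ValueError("truncated TPDU")
    # Each octet carries two BCD digits, low nibble first; a trailing F is padding.
    sender = "".join(f"{o & 0x0F:X}{o >> 4:X}" for o in b[3:oa_end])[:digits]
    return {"sender": sender, "pid": b[oa_end], "dcs": b[oa_end + 1]}


def classify(tpdu_hex):
    """Label a TPDU: ordinary, or SIM data download from a trusted/untrusted sender."""
    f = parse_deliver(tpdu_hex)
    to_sim = f["pid"] == PID_SIM_DATA_DOWNLOAD and message_class(f["dcs"]) == 2
    if not to_sim:
        return "ordinary"
    return "ota-trusted" if f["sender"] in TRUSTED_OTA_SENDERS else "ota-untrusted"


if __name__ == "__main__":
    for name, pdu in [("normal", NORMAL), ("trusted", SIM_TRUSTED), ("untrusted", SIM_UNTRUSTED)]:
        print(name, classify(pdu))
```

A message labelled `ota-untrusted` is one a filter would hold or alert on, since subscribers and third parties have no ordinary reason to send SIM-addressed binary SMS.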

Who is Conducting this Attack

AdaptiveMobile said that the attack was conducted by a private company working for the government. The same company also has control over the SS7 core, because when a Simjacker attack failed, the same individuals were targeted using SS7 attacks.

“In one country we are seeing roughly 100-150 specific individual phone numbers being targeted per day via Simjacker attacks, although we have witnessed bursts of up to 300 phone numbers attempting to be tracked in a day, the distribution of tracking attempts varies.”

The attack targets all devices, including those from Apple, ZTE, Motorola, Samsung, Google, and Huawei, and even IoT devices with SIM cards.

Guru baran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.
