A new SIM card flaw discovered2019-09-13 18:08 by Daniela
Researchers at security company AdaptiveMobile Security have discovered a flaw in SIM cards that can be exploited to track a phone's location, and potentially take over the device.
Dubbed Simjacker, the exploit is built around specific codes sent by SMS message to the SIM card on target devices. That SIM card, which let's remember is the cellular and operator gateway for the device as well as one of its two key identifiers—the other being the device itself, is programmed to capture and forward information to the attacker. Initially that attack focuses on the retrieval of device identity and location, but it can then go further—denial of service and fraudulent calls for example.
What makes the attack scary is how the SMS messages can be designed to request and then retrieve location data from the victim's phone in secret. None of the incoming SMS messages will appear in the owner's inbox. The same vulnerability can also be used to launch the mobile browser on the phone, and direct the owner to download malware. To send off the SMS messages, the attacker needs a phone, a GSM modem, or an SMS account at an A2P (application-to-person) provider.
"We are quite confident that this exploit has been developed by a specific private company that works with governments to monitor individuals," security researchers from AdaptiveMobile Security said in a report released today. "We believe this vulnerability has been exploited for at least the last 2 years by a highly sophisticated threat actor in multiple countries, primarily for the purposes of surveillance."
Read more -here-