A new dangerous one threat a privacy and to the safety of mobile users comes through the card SIM. The weak point was found by AdaptiveMobile And his name is Simjacker.
Simjacker attacks the SIMs
Attack cracker based on sending SMS messages, Simjacker allowed for two years organizations that exploited it to constantly and invisibly track the location of an unknown number of smartphones. The flaw affects several mobile phone operators, with the potential to have an impact on over a billion phone users globally.
AdaptiveMobile Security has discovered a new undetected vulnerability and associated exploits, called Simjacker. This flaw is currently actively exploited by a specific private company that works with governments to monitor people.
The attack was called Simjacker because of its goal – that is, the SIM cards inserted inside the terminals – and uses two structures that are found on most of the SIMs in circulation: namely the SIM Application Toolkit and S @ T Browser.
Information on the location of thousands of devices was obtained over time, without users knowing it. During the attack, the user is completely unaware that his information has been successfully filtered out.
Example of how Simjacker can track the location of the mobile phone of vulnerable users:
According to AdaptiveMobile Security, per limit the attack, users can investigate whether there are SIM cards with S @ T Browser technology in their network (SIM Alliance certificate) and, if so, whether specific security mechanisms can be applied.
Researchers who discovered the flaw reiterated that the S @ T protocol is used in at least 30 countries, for a total number of more than one billion people. Against, GSMA (commercial body representing the interests of mobile network operators around the world) stated – in an e-mail to Threatpost – that the potential vulnerability affects a small minority of SIMs in circulation.
This research takes into consideration in particular SIM cards that use a technology not used by most mobile operators (S @ T Browser ed) and requires that a user be sent specially encoded messages containing commands for the SIM card. The potential vulnerability is not so widespread and, moreover, devices have been developed to be implemented for the mobile networks involved.
The vulnerability would be currently under attack by a private company that works with government institutions. The SIMs, in short, would be skiable. We know how, we don't know by whom.