A vulnerability has been discovered in mobile phone SIM cards and it is being actively exploited. This attack has many potential options for the attacker on the target device including tracking the location, sending SMS messages, and collecting information.

Researchers from AdaptiveMobile Security said that they discovered an SMS-based hacking technique that has been named simjacker. They believe this has been used for approximately 2 years. This is being actively exploited by a spyware vendor to track individual phone users. The exploit could potentially work against over 1 billion mobile phones potentially impacting any region of the world where this SIM card technology is in use.
The vulnerability exists in the S@T Browser. S@T is short for SIMalliance Toolbox Browser it is a microbrowser or mobilebrowser that was designed to be used on mobile devices. This attack has been tested against multiple brands of phones from different manufacturers including Apple, Google, Huawei, Samsung, Motorola and ZTE, and even against some IoT devices that use SIM cards.
AdaptiveMobile says it has been working with customer mobile network operators to block attacks and notified both the GSM Association (representing the mobile operator community) and SIMalliance (representing SIM card manufacturers) of the threat.
Steven Reinkemeyer, President of Redport Information Assurance LLC commented ‘this is a disturbing exploit that has gone unnoticed for a long time. It is fortunate that AdaptiveMobile are working with the appropriate officials to resolve this exploit.”

Sources:
Security Week
AdaptiveMobile Security

For more information about Redport’s information assurance and cyber security services, visit www.redport-ia.com, email us at info@redport-ia.com, like us on Facebook, and follow us on Twitter@redport_ia.

Gaithersburg, MD, USA