Sim vulnerabilities threaten more than 1 billion phones globally

Recently, researchers at AdaptiveMobile Security, based in Dublin (USA), have discovered a security vulnerability called SimJacker that could use users' own SIM phones to track them. .

The flaw lies in the dynamic sim toolkit of the S @ T Browser (SIMalliance Toolbox Browser), the browser embedded in most sim cards, including e-sims of carriers in at least 30 countries around the world. gender. This browser acts like an application implemented on the SIM card used by carriers to provide value-added services to customers such as stock prices, news, emails, etc.

Sim vulnerabilities threaten more than 1 billion phones globally Picture 1

AdaptiveMobile Security said the flaw could be developed by a private company that works with governments to monitor the locations of individuals around the globe. By exploiting this vulnerability, an attacker can gain a unique IMEI number for each phone.

To perform the Simjacker exploit, the hacker will initially send the target phone a binary SMS message containing a special script or format. After receiving the message, the device does not check the origin of the message but will forward it to the SIM card.

The SIM card will then use the S @ T browser to execute the command on that message, collect the phone IMEI number and collect location data, then transfer this information by binary SMS to a "accomplice device".

Sim vulnerabilities threaten more than 1 billion phones globally Picture 2

During a hacker attack, the victim will know nothing.

The hackers not only take advantage of the Simjacker flaw to monitor and monitor, but the malicious behavior can also be expanded to make calls for fraud, spam, eavesdropping .

The vulnerability affects all mobile phone models, so more than 1 billion phones could be attacked. However, in reality this figure may be much lower because many carriers around the world are no longer using SIM cards containing S @ T browser.

The GSM Association says it is working with researchers and the mobile industry to find out what types of SIM cards are affected and to find solutions to block malicious messages.

As recommended by AdaptiveMobile Security, carriers should filter illegal binary SMS messages and change the privacy settings on the user's SIM.

1. Warning: 600,000 child navigational devices may be hacked, parents should be careful
2. Not yet released, but iOS 13 has a security hole that bypasses the lock screen