A bug in your SIM card can hack your mobile just by SMS


The SIM card is one of the safest elements of our mobile phones, and allows operators to identify and give us access to their network. However, a group of researchers have questioned their security, since they claim that there is a critical vulnerability in our SIM cards that allows a remote attacker to hack mobile phones and spy on us just by sending an SMS.

SimJacker: the attack that can get malware into our mobile through SIM

The vulnerability has been dubbed as SimJacker, and attacks a part of the software called S@T Browser (SIMalliance Toolbox Browser), a SIM card tool used by many operators in at least 30 countries around the world. This tool adds various functionalities for operators, being able to manage services, subscriptions or other services. To operate, it contains a series of instructions, such as sending a short message, establishing a call, launching the browser, executing a command or sending data, which can be activated by sending an SMS to the device. Thanks to this, an attacker has an execution environment at his disposal to execute the commands.

In addition, researchers have discovered that a company that works with governments around the world has been exploiting this vulnerability for at least the last two years for surveillance and spying on users around the world.

To take advantage of the vulnerability, only a 10-dollar GSM modem is necessary to, by sending a simple SMS, perform all kinds of malicious activities. Among them we find obtaining the location of a device and its IMEI, supplanting the identity of the sender of an SMS, sending scams of premium numbers by SMS, forcing the call to the number they want, opening a malicious link in a user’s browser, make DDoS attacks, play a sound on the mobile, disconnect the card, or obtain information from the mobile such as the language used, connection type, battery level, etc. Basically, do anything that can modify the SIM.

The standard of SIM cards has not been updated for 10 years

The worst of all this is that the user cannot know at any time that he is being the subject of this attack or what information has been stolen, in addition to affecting all mobile phones on the market that use both physical SIM cards (of any size) ) as eSIM, since the function has been present in all cards decades ago. The specification of SIM cards hasn’t been updated since 2009.

The attack works so well because it took advantage of a series of complex interfaces and hidden tools, which shows that operators cannot rely on current technologies to defend themselves. In addition, having made the vulnerability public, more hackers will try to take advantage of it.

The GSMA already has all the vulnerability data, and SIMalliance has recognized the vulnerability and has recommended that SIM card manufacturers include modifications to S @ T push messages. Operators can mitigate the vulnerability by introducing a process to analyze and block suspicious messages that use S @ T commands. Users can only ask for a new SIM to protect against this, but we don’t even know if the changes will be implemented in the short term.

Source: SimJacker