
A bug in your SIM card can hack your mobile just by SMS

The SIM card is one of the safest elements of our mobile phones, and it allows operators to identify us and give us access to their network. However, a group of researchers has called its security into question: they claim that a critical vulnerability in SIM cards allows a remote attacker to hack mobile phones and spy on us just by sending an SMS.



SimJacker: the attack that can get malware into our mobile through SIM

The vulnerability has been dubbed SimJacker, and it targets a piece of software called the S@T Browser (SIMalliance Toolbox Browser), a SIM card tool used by many operators in at least 30 countries around the world. This tool gives operators various functions, such as managing services and subscriptions. To operate, it contains a series of instructions, such as sending a short message, establishing a call, launching the browser, executing a command or sending data, which can be activated by sending an SMS to the device. Thanks to this, an attacker has an execution environment at their disposal in which to run commands.



In addition, researchers have discovered that a company that works with governments around the world has been exploiting this vulnerability for at least the last two years for surveillance and spying on users around the world.

To take advantage of the vulnerability, all that is needed is a 10-dollar GSM modem: by sending a simple SMS, an attacker can perform all kinds of malicious activities. These include obtaining the location of a device and its IMEI, impersonating the sender of an SMS, sending premium-number scams by SMS, forcing a call to a number of their choice, opening a malicious link in the user's browser, carrying out DDoS attacks, playing a sound on the mobile, disconnecting the card, and obtaining information from the mobile such as the language used, connection type, battery level, etc. Basically, anything that the SIM can be made to do.



The standard of SIM cards has not been updated for 10 years

The worst of all this is that the user cannot know at any time that they are the target of this attack or what information has been stolen. It also affects all mobile phones on the market, whether they use physical SIM cards (of any size) or eSIM, since the function has been present in all cards for decades. The specification of SIM cards hasn't been updated since 2009.



The attack works so well because it takes advantage of a series of complex interfaces and hidden tools, which shows that operators cannot rely on current technologies to defend themselves. In addition, now that the vulnerability has been made public, more hackers will try to take advantage of it.

The GSMA already has all the vulnerability data, and SIMalliance has acknowledged the vulnerability and recommended that SIM card manufacturers include modifications to S@T push messages. Operators can mitigate the vulnerability by introducing a process to analyze and block suspicious messages that use S@T commands. Users can only ask for a new SIM to protect against this, but we don't even know if the changes will be implemented in the short term.
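
The operator-side filtering described above, as an added example that is not part of the original article: a Python check that inspects SMS-DELIVER TPDUs and flags SIM-directed binary messages (TP-PID `0x7F`, class 2 8-bit data, or a command-packet header) unless the sender is on the operator's own OTA allowlist. The function names, the allowlist and the sample TPDUs are assumptions constructed for illustration; it classifies the message transport and does not decode S@T content.

```python
# Added example, not from the article. Field values follow 3GPP TS 23.040.
PID_USIM_DATA_DOWNLOAD = 0x7F  # TP-PID "(U)SIM Data download"
IEI_COMMAND_PACKET = 0x70      # UDH element carrying a SIM toolkit command packet

# Constructed SMS-DELIVER TPDUs (hex). Senders are fictional; payload is zeros.
SIM_DIRECTED = "44 0B91 5155550501F0 7F F6 91902101000000 07 027000 00000000"
PLAIN_TEXT = "04 0B91 5155550501F1 00 00 91902101000000 02 E834"

def _address(tpdu, pos):
    """Decode TP-OA (swapped-nibble BCD); return (digits, next offset)."""
    ndigits = tpdu[pos]
    end = pos + 2 + (ndigits + 1) // 2
    digits = "".join(f"{b & 0x0F:X}{b >> 4:X}" for b in tpdu[pos + 2:end])
    return digits[:ndigits], end

def _class2_8bit(dcs):
    """True when TP-DCS means 8-bit data with message class 2 (SIM-specific)."""
    if dcs & 0xF0 == 0xF0:                 # data coding / message class group
        return dcs & 0x07 == 0x06
    if dcs & 0xC0 == 0x00 and dcs & 0x10:  # general group, class bits valid
        return dcs & 0x0F == 0x06
    return False

def _header_ieis(ud):
    """Yield the information-element identifiers found in the user data header."""
    if not ud:
        return
    pos, end = 1, min(1 + ud[0], len(ud))
    while pos + 1 < end:
        yield ud[pos]
        pos += 2 + ud[pos + 1]

def inspect_deliver(tpdu_hex, trusted_ota_senders):
    """Return (sender, reasons, block) for one SMS-DELIVER TPDU given as hex."""
    tpdu = bytes.fromhex(tpdu_hex)
    if len(tpdu) < 13 or tpdu[0] & 0x03:
        raise ValueError("not a complete SMS-DELIVER TPDU")
    sender, pos = _address(tpdu, 1)
    if len(tpdu) < pos + 10:
        raise ValueError("truncated TPDU")
    pid, dcs = tpdu[pos], tpdu[pos + 1]
    ud = tpdu[pos + 10:]                   # skip PID, DCS, 7-byte SCTS and UDL
    reasons = []
    if pid == PID_USIM_DATA_DOWNLOAD:
        reasons.append("TP-PID 0x7F (SIM data download)")
    if _class2_8bit(dcs):
        reasons.append("TP-DCS class 2, 8-bit data")
    if tpdu[0] & 0x40 and IEI_COMMAND_PACKET in _header_ieis(ud):
        reasons.append("UDH command packet (IEI 0x70)")
    # Assumed policy: SIM-directed traffic is legitimate only from the OTA platform.
    return sender, reasons, bool(reasons) and sender not in trusted_ota_senders
```

The originating address in a TPDU can be forged, so a production filter would match on the network-level source of the message as well as on this field.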



Source: SimJacker

Richard Sabino (http://itspecialistdr.com)
I like to share Information Technology News and how-to tips with all the people around me. I created this blog to reach the most people I can.
