The computer security firm Adaptive Mobile Security recently discovered a very serious vulnerability that could affect a huge number of SIM cards across the globe. The flaw has been named Simjacker and is, according to experts, the most sophisticated in history.
A report from the Xataka portal explains that Simjacker is said to have been active for the last two years, and that its main use could be for surveillance. The flaw would also affect more than one billion users worldwide, who run the risk of having their location and the operation of their phones exposed to criminals.
The Simjacker vulnerability allows any attacker (or person with sufficient knowledge) to use S@T Browser (an outdated piece of data collection software that is still present by default on the SIM cards of numerous operators) as an entry point and, thus, send an SMS with instructions that take control of the circuitry of the SIM card.
A second SMS, sent to the device from which the attack originated, then shares the location and IMEI of the attacked device.
All this, as revealed by Adaptive Mobile Security, occurs in the background: the user is never aware of having received, or subsequently sent, an SMS with the information.
And yes, when the vulnerability is said to be very serious, it is because Simjacker does not discriminate between brands, models, or operating systems. It simply takes advantage of a flaw in SIM cards, which are, in one way or another, a universal product.
What can be done?
According to the ElCorreo portal, the only thing that users can do about Simjacker is to press phone operators to modify the design of their SIM cards (something they have hardly done in the last decade). Beyond that, any action taken is technically useless or excessively complicated.
Simjacker has everything it takes to become a problem of epic proportions, since hackers can do whatever they want, from making calls to sending text messages, opening the web browser and even deactivating the SIM card of the attacked phone … all remotely and in a matter of seconds.
Nothing prevents third parties from using Simjacker to promote misinformation, commit fraud, spy or spread malware.