We vaguely talked about a vulnerability or vulnerabilities at this point in SIM cards which allow attackers to compromise cell phones. From thehackernews.com I was able to track down the article which talks about it. Known as “SimJacker”, the threat lies in the SIM toolkit which can be exploited no matter what type of cellphone users have. This particular type of SIM card is used in over 30 countries and more than a few dozen big operators use that. The freaky part is, according to the article – “What’s worrisome? A specific private company that works with governments is actively exploiting the SimJacker vulnerability from at least the last two years to conduct targeted surveillance on mobile phone users across several countries.” The article explains what exactly the SimJacker does and how it works.
“Disclosed by researchers at AdaptiveMobile Security in new research published today, the vulnerability can be exploited using a $10 GSM modem to perform several tasks, listed below, on a targeted device just by sending an SMS containing a specific type of spyware-like code.
- Retrieving targeted device’ location and IMEI information,
- Spreading mis-information by sending fake messages on behalf of victims,
- Performing premium-rate scams by dialing premium-rate numbers,
- Spying on victims’ surroundings by instructing the device to call the attacker’s phone number,
- Spreading malware by forcing victim’s phone browser to open a malicious web page,
- Performing denial of service attacks by disabling the SIM card, and
- Retrieving other information like language, radio type, battery level, etc.”
Kind of a long read but worth it. Alarming imo!
Source Link: https://thehackernews.com/2019/09/simjacker-mobile-hacking.html
Hello Jaimin,
After reading through your post and looking through the article, I am quite shocked that there is such a volatile toolkit that exploits SIM cards. While I can understand, albeit reluctantly, that government organizations and telecommunication providers use it, I am quite concerned that there are also private organizations with their hands on this technology. While it is true that all sorts of information can be considered valuable and can be sold, this unauthorized surveillance by non-affiliated private organizations is clearly an abuse of power and infringes on people's privacy.