Simjacker Attack

Following extensive research, AdaptiveMobile Security has uncovered a new and previously undetected vulnerability. This vulnerability is currently being exploited and is being used for targeted surveillance of mobile phone users.

simjacker

The vulnerability and its associated attacks have been named Simjacker as it involves the hijacking of SIM cards and threatens mobile phone users across the globe.

What does Simjacker do?

Simjacker extracts the location information of mobile phone users from vulnerable operators, retrieved using malicious SMS messages. The location information of thousands of devices was obtained over time without the knowledge or consent of the targeted mobile phone users.

Based on previous intelligence, it is likely that these attacks originated from a surveillance company which works with governments, to track and monitor individuals; bypassing existing signalling protection.

“Simjacker represents a clear danger to the mobile operators and subscribers. This is potentially the most sophisticated attack ever seen over core mobile networks. It’s a major wake-up call that shows hostile actors are investing heavily in increasingly complex and creative ways to undermine network security. This compromises the security and trust of customers, mobile operators and impacts the national security of entire countries,” said Cathal Mc Daid, CTO, AdaptiveMobile Security.

A multitude of attacks

While the primary attack detected involved the retrieval of mobile phone locations, Simjacker has been further exploited to perform many other types of attacks against individuals and mobile operators such as fraud, scam calls, information leakage, denial of service and espionage. AdaptiveMobile Security Threat Intelligence analysts observed the hackers vary their attacks, testing many of these further exploits.

simjacker

All makes and models of mobile phone are open to attack

In theory, all makes and models of mobile phone are open to attack as the vulnerability is linked to a technology embedded on SIM cards.

AdaptiveMobile Security research indicates that the Simjacker vulnerability could extend to over 1 billion mobile phone users globally, potentially impacting countries in North and South America, West Africa, Europe, Middle East and indeed any region of the world where this SIM card technology is in use.

Mc Daid continued, “Simjacker worked so well and was being successfully exploited for years because it took advantage of a combination of complex interfaces and obscure technologies, showing that mobile operators cannot rely on standard established defences. Now that this vulnerability has been revealed, we fully expect the exploit authors and other malicious actors will try to evolve these attacks into other areas”.