Researchers found a weakness in mobile SIM cards that allowed the phone owner’s location to be tracked and searched. According to the researchers, it is enough to send an SMS to users in order to benefit from the vulnerability.
This simcard-based simjacker-based vulnerability is common, but still harms users. Simjacker has been used by a private company working with the government to spy on users for the past two years. The vulnerability, which affects more than one mobile operator, has the potential to affect more than one billion phone users globally.
AdaptiveMobile Security researchers shared a post Thursday saying:
The company said they observed that hackers were testing most of the abuses while diversifying their attacks. Theoretically, the vulnerability depends on a technology built on SIM cards, so it was stated that mobile phones from all brands and models were vulnerable to attack.
The attack is caused by S @ T Scanner technology, an acronym for the SIMalliance Toolbox Scanner on SIM cards. This technology, commonly used to navigate the SIM card, can be used for functions such as opening a browser, making calls and ringing ringtones on the phone.
Attackers can send messages to victims using The S @ T Scanner to trigger proactive commands sent to the handset. Sim cards containing S @ T Scanner technology do not control the origin of messages using the S @ T Scanner, and SIMs using this technology also allow data to be downloaded via SMS, the researchers said.
To prevent an attack, you can investigate whether your network has SIM cards with S @ T Scanner technology and, if any, whether proprietary security mechanisms specific to S @ T Scanner can be implemented.
You can also check whether existing network equipment is configured to filter binary SMS messages from unauthorized sources. Finally, you can check that existing firewalls are only “compatible” with the GSMA document.