AdaptiveMobile Security has released a report about the existence of a new vulnerability named Simjacker and the related exploits.
“Other than the impact on its victims, from our analysis, Simjacker and its associated exploits is a huge jump in complexity and sophistication compared to attacks previously seen over mobile core networks,” say the researchers.
How does the Simjacker work?
The Simjacker attack is initiated by sending an SMS with hidden SIM Toolkit (STK) instructions to the targeted SIM card.
Simjacker exploitation could allow attackers to spread malware, conduct espionage, and fraud among other malicious activities. The fact that this exploitation is independent of the mobile devices is a huge advantage to the criminals behind such attacks.
Who is responsible for Simjacker attacks?
Researchers have their reasons to believe that a private company that works with the government to monitor citizens is behind this attack. It has been observed that the priorities in tracking different phone numbers keep shifting.
What to watch
AdaptiveMobile Security has announced it will share more details about Simjacker at the Virus Bulletin Conference in London on October 3, 2019.