Simjacker vulnerability lets attackers track your location with an SMS

The Simjacker vulnerability could extend to over 1 billion mobile phone users globally.

As time passes, we’re witnessing more exploits building upon the usage of sim cards including the ever-famous sim swapping method. To add to these, just recently, AdaptiveMobile Security had released details of a previously undiscovered exploit dubbing it as SimJacking. How it apparently works is illustrated very simply with the help of a diagram below, however, there’s more to its intricacies.

Example of how Simjacker vulnerability can track mobile phone location of vulnerable subscribers – Image from AdaptiveMobile.

As seen, the attacker sends an SMS containing a specific kind of spyware to the phone of the victim which extracts location data and then sends it back to the attacker. Cathal from AdaptiveMobile Security offers a deeper look,

“This Simjacker Attack Message, sent from another handset, a GSM Modem or an SMS sending account connected to an A2P account, contains a series of SIM Toolkit (STK) instructions, and is specifically crafted to be passed on to the UICC/eUICC (SIM Card) within the device.”

“In order for these instructions to work, the attack exploits the presence of a particular piece of software, called the [email protected] Browser – that is on the UICC. Once the Simjacker Attack Message is received by the UICC, it uses the [email protected] Browser library as an execution environment on the UICC, where it can trigger logic on the handset,” researchers noted.

“For the main attack observed, the Simjacker code running on the UICC requests location and specific device information (the IMEI) from the handset. Once this information is retrieved, the Simjacker code running on the UICC then collates it and sends the combined information to a recipient number via another SMS (we call this the ‘Data Message’), again by triggering logic on the handset. This Data Message is the method by which the location and IMEI information can be exfiltrated to a remote phone controlled by the attacker.”

Moreover, amidst all of this, worrisome is the fact that the victim is not even notified of any message. Nothing appears in your inbox, stealthy as it can get. The technology being exploited is the [email protected] Browser software which is installed on sim cards. Even though it is quite old and has been replaced by others, its use still goes on by certain mobile phone operators which is why the exploit has the potential to compromise over 1 billion phones in 30 countries.

Image from AdaptiveMobile

As mentioned above these attacks are being used for location retrieval, however, by modifying the attack message, numerous other commands can be performed which include but are not limited to launching the browser, sending short messages, turning off the sim card and setting up calls.

Image from AdaptiveMobile

The team at AdaptiveMobile believes that the exploit was initiated by a private company in conjunction with governments to conduct surveillance. However, this is not confirmed as concrete evidence is yet to come to light. What we can learn from this is that we need to make sure our telecom operators are taking sufficient security measures before being a part of their network.

This particular case is a testimony to the fact that gone are the days when only mobile phone manufacturers needed to be on the guard against hackers. If you’re in doubt, it’s a good idea to call up your operator and verify the technology being used on your sim card, if it happens to be [email protected], wisdom would suggest immediately replacing your sim card.

You may also like...