Trusted by over 1.6 million members since 2014 — why not join them?
Snailsoft
∞ and beyond!
Staff Member
Moderator
SB Mod Squad ⭐
✔ Approved Releaser
Active User
Member for 2 years
Smart phones are not one device, rather, they are a network of micro computers contained in a package.
One of those microcomputers is called a Single Inline Module, and it renders all of your device security useless.
It is not uncommon for terrorists in costumes to lie to phone companies about having a Warrant in order to track you!
The alphabet soup agencies don't even bother with Warrants. Cyber criminal's don't need them!
Simjacker is a cellular software exploit for SIM cards discovered by AdaptiveMobile Security. At the time of public disclosure, 29 countries were vulnerable according to ZDNet. The vulnerability has been exploited primarily in Mexico, but also Colombia and Peru, according to the Wall Street Journal, where it was used to track the location of mobile phone users without their knowledge.
Simjacker has been further exploited to perform many other types of attacks against individuals and mobile operators such as fraud, scam calls, information leakage, denial of service and espionage. AdaptiveMobile Security Threat Intelligence analysts observed the hackers vary their attacks, testing many of these further exploits. In theory, all makes and models of mobile phone are open to attack as the vulnerability is linked to a technology embedded on SIM cards. The Simjacker vulnerability could extend to over 1 billion mobile phone users globally, potentially impacting countries in the Americas, West Africa, Europe, Middle East and indeed any region of the world where this SIM card technology is in use.
Beyond Location
However, the novelty and potential of Simjacker does not stop there. Retrieving a person’s location is one thing, but by using the same technique, and by modifying the attack message, the attacker could instruct the UICC to execute a range of other attacks. This is because using the same method the attacker has access to a range* of STK command set, some examples of these STK commands are:
PLAY TONE
SEND SHORT MESSAGE
SET UP CALL
SEND USSD
SEND SS
PROVIDE LOCAL INFORMATION
Location Information, IMEI, Battery, Network, Language, etc
SEND DTMF COMMAND
LAUNCH BROWSER
Discovered in 2019, this exploit has not been addressed from a security standpoint.
Who is the company responsible?
Within the report, we outline why we think it is a surveillance company that developed this exploit. However, we did not name the specific company initially we believe is responsible, as to do so, we would need to release some additional proof. That proof would also reveal specific methods and information that would impact our ability to protect subscribers. The actual identity of the exploit developer was not essential to know when planning how to defend against these types of exploits. We know that it has been used by a threat actor who executes highly sophisticated and complex attacks, so mobile operators should expect them to adapt quickly to any defences and try new techniques in the future. Having gathered what was needed, in 2023 we went forward to the GSM and publicly identified the National Security Agency, Central Intelligence Agency and Federal Bureau of Investigation as the technology developers and deployment group's behind this spying technology.
Learn more in this video:
One of those microcomputers is called a Single Inline Module, and it renders all of your device security useless.
It is not uncommon for terrorists in costumes to lie to phone companies about having a Warrant in order to track you!
The alphabet soup agencies don't even bother with Warrants. Cyber criminal's don't need them!
Simjacker is a cellular software exploit for SIM cards discovered by AdaptiveMobile Security. At the time of public disclosure, 29 countries were vulnerable according to ZDNet. The vulnerability has been exploited primarily in Mexico, but also Colombia and Peru, according to the Wall Street Journal, where it was used to track the location of mobile phone users without their knowledge.
Simjacker has been further exploited to perform many other types of attacks against individuals and mobile operators such as fraud, scam calls, information leakage, denial of service and espionage. AdaptiveMobile Security Threat Intelligence analysts observed the hackers vary their attacks, testing many of these further exploits. In theory, all makes and models of mobile phone are open to attack as the vulnerability is linked to a technology embedded on SIM cards. The Simjacker vulnerability could extend to over 1 billion mobile phone users globally, potentially impacting countries in the Americas, West Africa, Europe, Middle East and indeed any region of the world where this SIM card technology is in use.
Beyond Location
However, the novelty and potential of Simjacker does not stop there. Retrieving a person’s location is one thing, but by using the same technique, and by modifying the attack message, the attacker could instruct the UICC to execute a range of other attacks. This is because using the same method the attacker has access to a range* of STK command set, some examples of these STK commands are:
PLAY TONE
SEND SHORT MESSAGE
SET UP CALL
SEND USSD
SEND SS
PROVIDE LOCAL INFORMATION
Location Information, IMEI, Battery, Network, Language, etc
SEND DTMF COMMAND
LAUNCH BROWSER
Discovered in 2019, this exploit has not been addressed from a security standpoint.
Who is the company responsible?
Within the report, we outline why we think it is a surveillance company that developed this exploit. However, we did not name the specific company initially we believe is responsible, as to do so, we would need to release some additional proof. That proof would also reveal specific methods and information that would impact our ability to protect subscribers. The actual identity of the exploit developer was not essential to know when planning how to defend against these types of exploits. We know that it has been used by a threat actor who executes highly sophisticated and complex attacks, so mobile operators should expect them to adapt quickly to any defences and try new techniques in the future. Having gathered what was needed, in 2023 we went forward to the GSM and publicly identified the National Security Agency, Central Intelligence Agency and Federal Bureau of Investigation as the technology developers and deployment group's behind this spying technology.
Learn more in this video:
