What Happened

Recently, cyber security researchers have discovered a vulnerability that allows for tracking of mobile phones unbeknownst to the user. The vulnerability, deemed Simjacker, puts over one billion mobile users at risk and has been determined to have been in existence for over two years.

The exploit is known to be capable of attacks that can utilize the full STK command set against individuals including:

  • Fraud
  • Scam calls
  • Information leakage
  • Denial of Service
  • Espionage
  • Malware spreading

The attack was born from a technology in SIM cards known as SIMalliance Toolbox Browser, or S@T, which is used normally for browsing through the SIM card. The intended functionality of the technology is to trigger commands sent to the handset – all through SMS.

Why It Matters

When an attacker attempts to use this exploit for malicious purposes, the SMS containing SIM Toolkit (STK) instructions are passed on to the SIM card within the device, which then uses the S@T Browser library as an execution environment. This allows the SMS to trigger a logical response on the device, which retrieves the requested information, temporarily stores it in the SIM card, and then sends an SMS with the information back to the attacker’s handset.

Researchers say: “We can say with a high degree of certainty that the source is a large professional surveillance company, with very sophisticated capabilities…” The S@T protocol is in use by mobile companies at least 30 countries – adding to a total population of over one billion. Although the protocol is older and has not been updated since 2009, it is still used while remaining in the background.

What You Can Do to Protect Yourself

As a user, the best thing that you can do for now is to analyze and block text messages that contain S@T Browser commands.

Sources

For more information, please visit the sources for this blog, found here: