What is a Simjacker attack?


Simjacker is a novel, previously unnoticed vulnerability, with associated exploits, discovered by AdaptiveMobile Security. A specific commercial business that works with governments to track individuals is presently exploiting this vulnerability aggressively.

  • Simjacker and its accompanying vulnerabilities are far more complicated and sophisticated than earlier attacks on mobile core networks.

  • The main Simjacker attack involves sending an SMS containing a special sort of spyware-like code to a mobile phone. The message tells the SIM card within the phone to 'take over' the phone in order to retrieve and carry out critical commands.

  • Thousands of devices' location data was collected over time without the targeted mobile phone owners' knowledge or consent. Throughout the attack, the user is completely unaware that they have been attacked, that information has been obtained, and that it has been successfully exfiltrated.

Scope of Simjacker

Simjacker has also been used to carry out a variety of additional attacks against individuals and mobile providers, including fraud, phishing calls, data leakage, denial of service, and espionage. According to AdaptiveMobile Security Threat Intelligence researchers, the attackers varied their attacks, trying several of these additional exploits.

  • Because the vulnerability is related to a technology inherent in SIM cards, all brands and models of mobile phones are theoretically vulnerable.

  • The Simjacker vulnerability might affect over 1 billion mobile phone users worldwide, including nations in the Americas, West Africa, Europe, the Middle East, and North Africa.

How Does a Simjacker Attack Work?

At its most basic level, the main Simjacker attack involves sending an SMS containing a special sort of spyware-like code to a mobile phone. The message tells the UICC (SIM card) within the phone to take over the phone in order to retrieve and carry out sensitive commands.

  • The attack starts when a Simjacker 'Attack Message' is sent to the targeted phone.

  • This Simjacker Attack Message is transmitted from another handset, a GSM modem, or an SMS sending account connected to an A2P account. It contains a sequence of SIM Toolkit (STK) instructions and is specifically crafted to be passed on to the SIM card in the device.

  • For these instructions to work, the attack depends on a piece of software called the S@T Browser being present on the UICC. When the UICC receives the Simjacker Attack Message, it uses the S@T Browser library as an execution environment on the UICC to execute logic on the handset.

  • In the main attack, the Simjacker code running on the UICC requests location and specific device information (the IMEI) from the handset.

  • After retrieving this data, the Simjacker code on the UICC collates it and sends it to a recipient number in another SMS (dubbed the "Data Message"), which is triggered by handset logic. This Data Message is the means by which the victim's location and IMEI information is exfiltrated to a remote phone.

  • During the attack, the user remains completely unaware that they received the Simjacker Attack Message, that information was obtained, and that it was sent outwards in the Data Message SMS. There is no trace in any SMS inbox or outbox.

Why is Simjacker Significant?

The attack requires both the acceptance of these specific SMS messages and the presence of the S@T Browser software on the UICC of the targeted phone. It has previously been demonstrated that certain SMS messages targeting UICC cards can be abused for malicious purposes.
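The first requirement, acceptance of SMS addressed to the SIM rather than to the user, is something an operator-side filter can check from the message header alone. The following Python is an added example, not code from the original article or from AdaptiveMobile Security: it parses the header of an SMS-DELIVER TPDU (field layout per 3GPP TS 23.040) and blocks SIM-addressed messages unless they come from the operator's own OTA platform. The allowlist, the originator numbers and the sample TPDUs are constructed assumptions.

```python
from dataclasses import dataclass
# Assumption: originators used by the operator's own OTA platform (constructed).
OTA_ALLOWLIST = {"+15550111"}

@dataclass
class Deliver:
    originator: str
    pid: int
    dcs: int          # kept for logging; class 2 (e.g. 0xF6) means "SIM-specific"
    udh_ieis: list

def parse_deliver(tpdu_hex: str) -> Deliver:
    """Parse the header fields of an SMS-DELIVER TPDU (3GPP TS 23.040)."""
    b = bytes.fromhex(tpdu_hex)
    try:
        if b[0] & 0x03:
            raise ValueError("not an SMS-DELIVER TPDU")
        n_digits, toa, n_oct = b[1], b[2], (b[1] + 1) // 2
        raw, ton = b[3:3 + n_oct], (b[2] >> 4) & 0x07
        if ton == 5:                       # alphanumeric sender, keep raw hex
            originator = "alnum:" + raw.hex()
        else:                              # swapped-nibble BCD digits
            digits = "".join(f"{o & 0x0F:x}{o >> 4:x}" for o in raw)[:n_digits]
            originator = ("+" if ton == 1 else "") + digits
        i = 3 + n_oct                      # index of TP-PID
        pid, dcs = b[i], b[i + 1]
        ud = b[i + 10:]                    # skip 7-octet timestamp and TP-UDL
        ieis = []
        if b[0] & 0x40:                    # TP-UDHI: user data header present
            j, end = 1, 1 + ud[0]
            while j < end:
                ieis.append(ud[j])
                j += 2 + ud[j + 1]
    except IndexError:
        raise ValueError("truncated TPDU") from None
    return Deliver(originator, pid, dcs, ieis)

def verdict(tpdu_hex: str, allowlist=OTA_ALLOWLIST) -> str:
    m = parse_deliver(tpdu_hex)
    # TP-PID 0x7F = (U)SIM Data Download; IEIs 0x70-0x7F = SIM Toolkit security headers.
    to_sim = m.pid == 0x7F or any(0x70 <= i <= 0x7F for i in m.udh_ieis)
    if not to_sim:
        return "deliver"
    return "allow-operator-ota" if m.originator in allowlist else "block"

# Constructed TPDUs: first octet, TP-OA, PID, DCS, timestamp, UDL, user data (zero filler).
SIM_FROM_HANDSET = "44" "0891" "51551000" "7F" "F6" "22207021436500" "07" "027000" "00000000"
SIM_FROM_OTA     = "44" "0891" "51551011" "7F" "F6" "22207021436500" "07" "027000" "00000000"
PLAIN_TEXT       = "04" "0891" "51551099" "00" "00" "22207021436500" "02" "C834"
```

TP-OA can be forged on some interconnects, so a deployed filter would normally key its allowlist on the ingress link or SMSC identity rather than on the originator number alone.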

The Simjacker attack employs a new technique, relying on the S@T Browser software as an execution environment to drastically simplify and broaden the attack. The SIMalliance Toolbox Browser – or S@T (pronounced sat) Browser – is a program specified by the SIMalliance that may be loaded on a variety of UICCs (SIM cards), including eSIMs.

This S@T Browser program isn't well-known. Its original aim was to provide services like obtaining your account balance via your SIM card. Its purpose has mostly been replaced by newer technologies, and its specification has not been updated since 2009; yet, it is still utilised in the background, as with many old technologies. In this case, we discovered that cell carriers are using the S@T protocol in 30 countries with a combined population of over a billion people, possibly affecting a large number of individuals. It's also very probable that cell providers in other nations will continue to employ the technology on certain SIM cards.

The Simjacker Attack Message can reasonably be regarded as carrying a complete malware payload, specifically spyware, which makes this attack unique. This is because it contains a set of instructions for the SIM card to follow. Because software is fundamentally a set of instructions, and malware is 'bad' software, Simjacker might be the first real-world instance of malware (specifically spyware) being sent within an SMS. Previous malware distributed by SMS, such as the cases described in this article, has involved sending links to malware rather than the malware itself within a complete message.

Updated on: 07-Feb-2022
