Experts have warned that more than one billion mobile users are vulnerable to a SIM card error threat actor are exploiting at the moment.
Researchers also say that a susceptibility exposed in mobile SIM cards is being vigorously exploited to track phone owners’ sites, interrupt calls and more just by sending an SMS message to victims.
It was revealed Thursday that there is a prevalent, continuing activity of a SIM card-based vulnerability, called “SimJacker.” The anomaly has been exploited for the past two years by a particular private company that works with governments to screen people, affecting numerous mobile operators with the potential to impact over a billion mobile phone users worldwide.
“Simjacker has been further exploited to perform many other types of attacks against individuals and mobile operators such as fraud, scam calls, information leakage, denial of service and espionage,” said researchers with AdaptiveMobile Security in a post breaking down the attack, released Thursday.
They said they “observed the hackers vary their attacks, testing many of these further exploits. In theory, all makes and models of mobile phone are open to attack as the vulnerability is linked to a technology embedded on SIM cards.”
“The location information of thousands of devices was obtained over time without the knowledge or consent of the targeted mobile phone users,” researchers said. “During the attack, the user is completely unaware that they received the attack, that information was retrieved, and that it was successfully exfiltrated. However, the Simjacker attack can, and has been extended further to perform additional types of attacks.”
Experts have said that they have seen many of these possible attacks being tried and used by the attacker group. Although they did not name the group, they said: “We can say with a high degree of certainty, that the source is a large professional surveillance company, with very sophisticated abilities in both signaling and handsets.”
To alleviate against the attack, users can “investigate if you have SIM cards with S@T Browser technology deployed in your network and if so whether any S@T Browser-specific proprietary security mechanisms can be applied,” researchers said.
Experts are reported to have said that they have submitted the details of the exploit to the GSMA in terms of susceptibility revelation, and “will continue to research how the attacks function, look for other variants of the Simjacker exploits and use of the vulnerability.”
“This research specifically considers SIM cards which make use of a technology not used by most mobile operators, and requires a user to be sent specially coded messages containing commands for the SIM card,” a GSMA spokesperson said. “The potential vulnerability is understood to not be widespread and mitigations have been developed for affected mobile networks to implement.”