Remote Simjacking campaigns could disrupt SIM cards in 29 countries

Adaptive Mobile Security has published a new report detailing Remote SimJacking attacks and the number of countries affected.
The report identified 29 countries across five continents to which mobile operators ship SIM cards vulnerable to Simjacker attacks.

The countries include Mexico, Dominican Republic, Brazil, Peru, Saudi Arabia, Iraq, Italy, Bulgaria, Nigeria, Ivory Coast and more
Exactly one month past, researchers at AdaptiveMobile Security disclosed a crucial vulnerability in SIM cards dubbed SimJacker that might be exploited by remote attackers to compromise targeted mobile phones and spy on victims just by sending an SMS.

The SimJacker vulnerability resides in the S@T (SIMalliance Toolbox) Browser dynamic SIM toolkit that is embedded in most SIM cards used by mobile operators in many countries. The consultants discovered that that the exploitation of the vulnerability is freelance of the model of phone utilized by the victim.

“This varies by country and region. From our analysis, we tend to might establish sixty-one Mobile Operators (excluding MVNOs) within the twenty-nine countries that use this technology.” reads the report.

“Based on in publicreportabledata the additive subscriber numbers of those S@T Browser-using Operators involve ~861 million mobile connections (SIM cards).”

Not all SIM cards within the operator could use this technology. In discussions with a couple of operators within the LATAM region, we tend to were educated that the bulk of SIM Cards (>90%) in their network had it.

Read an FAQ page published by the experts,

“However, we have not named the specific company, we would need to release some additional proof. That proof would conjointly reveal specific strategies and data that will impact our ability to shield subscribers.”

Experts at adjustive Mobile conjointly analyzed the impact of the recently disclosed WIBattack and explained that it impacts a smaller range of users compared with SimJacker.

“WIB is a decency SIM card technology like S@T which reports show could also be used via ‘Simjacker-like’ attacks.

However, it’s necessary to state that we tend to haven’t seen any attacks involving WIB.” concludes the report.“The WIB technology itself seems less prevalent that the S@T Browser .”

How to Prevent Yourself from SimJacker Attacks

Apps out there, like SnoopSnitch, that you can download from Google Play Store to detect attacks based on suspicious binary SMS, it requires your Android device to be rooted and even knowing that won’t help you much.

Meanwhile, the GSM Association (GSMA), has provided the best ways to prevent and block these attacks to protect billions of mobile phone users worldwide.

Other Story From Malware & Vulnerabilities: Facebook Bugs Bounty Program Pays The Hackers For Reporting Security Bugs

Keep following us for more updates #TeamBugNResearch.

Leave a Reply

Your email address will not be published. Required fields are marked *