Simjacker Attack: A New Era in User Surveillance Techniques

Researchers at AdaptiveMobile Security have discovered a vulnerability in mobile operator networks that allows attackers to track users’ locations. This vulnerability, already being exploited by cybercriminals, has been named Simjacker because it involves hacking SIM cards.

According to the researchers, this vulnerability has been actively exploited for at least two years by advanced cybercriminals, most likely working for government agencies, to spy on users.

How the Simjacker Attack Works

The Simjacker attack involves sending a specially crafted SMS message to the target phone. This message contains a code similar to spyware, which is unusual because SMS attacks typically include a link to malicious software, not the malware itself. Simjacker is the first real-world attack where spyware is delivered directly within an SMS message.

The malicious code instructs the phone’s SIM card to “take over” the device in order to receive and execute commands. All of this happens without the victim’s knowledge—they are unaware of receiving a malicious SMS, the collection of their location data, or the subsequent transmission of this information via another SMS. These messages do not appear in the inbox or outbox.

Potential Consequences of the Attack

By simply modifying the malicious SMS, an attacker can not only obtain the user’s location data but also initiate calls, send SMS and USSD messages, disable the SIM card, open the browser, and more.

Ongoing Research

Positive Technologies is conducting research on how much time information security specialists spend working with SIEM systems. They invite professionals to anonymously answer a few questions at this survey link.