Posted on September 14, 2019 at 3:12 AM
We are currently living in an era in which the most prized asset is information. It is the equivalent of power: whoever has more relevant data will have the keys to unlock significant earning potential, and that is why customer data and communications metadata is so important for mobile carriers and network operators.
A new exploit was recently discovered, and it comes in the form of a SIM card malware that threatens to spy on more than one billion mobile devices. It has been named Simjacker and was unveiled by AdaptiveMobile Security’s research staff.
The threat is built around particular codes that get to a person’s SIM card via SMS. The SIM card acts as the device’s brain: it remembers the phone association with the mobile carrier. In the attack, the SIM card is set up and configured to gather and send information about the victim to the cybercriminal, thanks to the spyware.
Sensible Data Exchanging Hands
Some of the things that a hacker can achieve with this type of attack are retrieving the device’s identity and real-time location, but the damage has the potential to be a lot more painful since the denial of service (DoS) attacks and fraudulent calls could also be performed.
The investigators and researchers that discovered the threat explained that cybercriminals have been taking advantage of the exploit for at least a couple of years, and they have managed to learn their victims’ real-time location through their devices without them knowing anything about it.
The staff refers to a sophisticated and highly skilled hacker that has exploited the vulnerability of several nations around the world. The attack, being at the SIM card level, messes with the core technology of the device and its ability to communicate with the world, not with hardware. Because of that, the specialists that unveiled its estimate that the threat can reach up to one billion mobile devices around the world, with no distinction of brand or model.
The SIM card becomes exploitable just by neglecting the check of the origin of messages and letting SMS download data, which makes Simjacker a potential cybersecurity problem that goes beyond phone makers and brands.
The AdaptiveMobile Security staff states that its confidence level in the fact that the vulnerability has been implemented as a means to spy on people’s activity is very high. However, and despite that fact, the company doesn’t know or doesn’t indicate the actor or actors that may be behind the criminal activity.
Uncertainty About the Actors
Also, the company hasn’t indicated whether the person or people behind the attacks is a private firm that is selling its services around the web world, or if it is associated with a particular country or institution.
The research team outlined that it has been working together with phone users, SIM card manufacturers, and other actors in the industry to find measures and methods that can offer protection to users around the world. AdaptiveMobile emphasizes that attacks have been avoided and security systems have been enhanced at the new threat.
The hackers arrange everything to send SIM Toolkit instructions from a short message sender. The attack has an old-school approach because it doesn’t affect any operating system or hardware: the malware has an effect on the SIM card.
It is mind-boggling that something as obsolete as SIM cards and SMS messages can represent such a dangerous threat to such a high number of devices around the globe. Both of those elements combine with outdated industry-standard software designed when SIM cards came under different settings and circumstances.
Exploiting Weak Security Layers
The researchers said that it is still in use while in the background, which is similar to other legacy technologies. The sad thing is that highly skilled hackers can easily exploit the vulnerable, weak security layers that have become obsolete.
When a device gets the perpetrator’s message, the SIM’s S@T Browser will not be an execution ecosystem and will engage with its mobile, something that SIM cards are known to have done a long time ago.
Once the infected mobile phone sends an SMS back to the cybercriminal, it will have the data that is considered so valuable in our current reality. It could be the first spyware at the SMS level.