According to AdaptiveMobile Security, a vulnerability called Simjacker was found in SIM cards that is being used to track users, intercept calls among other nefarious activities. The researchers at the firm put the estimate at more than a billion smartphones that could under attack.
"This vulnerability is currently being actively exploited by a specific private company that works with governments to monitor individuals. Simjacker and its associated exploits is a huge jump in complexity and sophistication compared to attacks previously seen over mobile core networks. The main Simjacker attack involves an SMS containing a specific type of spyware-like code being sent to a mobile phone, which then instructs the SIM card within the phone to 'take over' the mobile phone to retrieve and perform sensitive commands," the researchers noted .
The nature of the attack at its massive scale is worrisome.
Simjacker has been further exploited to perform many other types of attacks against individuals and mobile operators such as fraud, scam calls, information leakage, denial of service and espionage," the researchers added.
How does the Simjacker work?
The Simjacker attack is initiated by sending an SMS with hidden SIM Toolkit (STK) instructions to the targeted SIM card.
- The S@T browser, a mechanism in SIM cards is abused to receive the victim’s location and IMEI number.
- The attack is undetected by the victim because there is no record of the SMS in the inbox or outbox.
- After the initial infiltration, the victim’s location is tracked by sending SMS messages at regular intervals.
- Simjacker commands may also cause the affected mobile phone to make calls, power off the card, send multimedia messages, and various other actions.
Simjacker exploitation could allow attackers to spread malware, conduct espionage, and fraud among other malicious activities. The fact that this exploitation is independent of the mobile devices is a huge advantage to the criminals behind such attacks.
The researchers noted that the firm has decided to keep more details about the attack under wraps for now.
⭕Follow us on
⭕Instagram :- https://instagram.com/ii__dedsec
⭕Twitter. :- https://twitter.com/chang33z
⭕Website :- https://www.dedseec.com
⭕Google+ :- https://plus.google.com/+dedsec
SUBSCRIBE US ON YOUTUBE FOR MORE UPDATES
Love you all ????????????????
Share, Support, Subscribe!!!
About : DedSec is a YouTube Channel, where you will find technological videos in Urdu And Hindi, New Video is Posted Everyday :) *****THANKS FOR WATCHING*****
DISCLAIMER: This Channel DOES NOT Promote or encourage Any illegal activities , all contents provided by This Channel is meant for EDUCATIONAL PURPOSE only .
Copyright Disclaimer Under Section 107 of the Copyright Act 1976, allowance is made for "fair use" for purposes such as criticism, comment, news reporting, teaching, scholarship, and research. Fair use is a use permitted by copyright statute that might otherwise be infringing. Non-profit, educational or personal use tips the balance in favor of fair use.
hi sir,some course link is not work,if you open group on teligram it is very helpfull for us.plz try as soon as possible������
ReplyDelete