AdaptiveMobile has just announced on its official blog the existence of a long-running exploit that may have been snooping on mobile phones for a couple of years now. It is officially designated Simjacker, and as the name ominously implies, it allows third-party hackers to spy on phones through the SIM card installed in the handset.
Its operation can be described in three steps. First, Simjacker sends an SMS that, instead of regular text, contains code that functions as spyware on the target mobile phone. Second, the sent code executes instructions to hijack the phone via the SIM card. Lastly, with the SIM card taken over, commands can be sent to perform even more unauthorized actions, such as collecting usage information or monitoring the phone's location.
Simjacker is highly effective because it attacks the SIM card directly. Specifically, it targets outdated legacy technologies that have not been given updated security measures. The browser Simjacker uses to take over the SIM card was originally a built-in feature of the SIM's system, one that allowed it to communicate account balances connected with that particular SIM. Since the code masquerades as an SMS, it is received and read directly without being stopped or intercepted.
According to AdaptiveMobile, there is a very good likelihood that Simjacker was developed by a single private company that is hired by several governments to spy on important targets. Why exactly? The assessment never revealed that. But it is quite chilling to consider the possibilities, especially given how easily Simjacker could take over a SIM card without the phone's user ever noticing that anything had happened.
For now, AdaptiveMobile has strongly suggested that mobile operators actively monitor their own networks for messages of this type. It has also contacted the GSM Association, which it hopes will take action in light of this major mobile phone security exploit. Lastly, AdaptiveMobile is hoping that SIM card development protocols will be updated as soon as possible to add new security recommendations that would directly prevent Simjacker, and other similar exploits, from functioning in the near future.
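As an added example (not code from AdaptiveMobile or from this article), here is a minimal header check that an operator-side filter could apply when monitoring for such messages. It assumes the messages of interest carry the standard SIM data download marking defined in 3GPP TS 23.040 (TP-PID 0x7F together with message class 2), which this article does not specify; the function names and the sample TPDUs are constructed for illustration.

```python
"""Flag SMS-DELIVER TPDUs marked for SIM data download (3GPP TS 23.040)."""

PID_SIM_DATA_DOWNLOAD = 0x7F   # TP-PID value "(U)SIM Data download"
CLASS_SIM_SPECIFIC = 2         # message class 2 in TP-DCS

# Constructed samples: same sender, fixed timestamp, filler user data.
_HDR = "0B915155550501F0"      # TP-OA: 11 digits, international format
_TS = "91902101000000"         # TP-SCTS (7 octets), value irrelevant here
SAMPLES = {
    "plain text":   "04" + _HDR + "0000" + _TS + "02E834",
    "class 2 text": "04" + _HDR + "0012" + _TS + "02E834",
    "sim download": "44" + _HDR + "7FF6" + _TS + "0402700000",
}

def message_class(dcs):
    """Return the message class encoded in TP-DCS, or None if absent."""
    if (dcs & 0x80) == 0:                  # coding groups 00xx and 01xx
        return (dcs & 0x03) if (dcs & 0x10) else None
    if (dcs & 0xF0) == 0xF0:               # data coding / message class group
        return dcs & 0x03
    return None

def inspect_deliver(tpdu_hex):
    """Parse only the header of a network-to-handset SMS-DELIVER TPDU."""
    tpdu = bytes.fromhex(tpdu_hex)
    if len(tpdu) < 2 or (tpdu[0] & 0x03) != 0x00:
        raise ValueError("not an SMS-DELIVER TPDU")
    digits = tpdu[1]                       # TP-OA length, counted in digits
    pos = 3 + (digits + 1) // 2            # skip first octet, length, TOA, digits
    if len(tpdu) < pos + 10:               # PID + DCS + SCTS(7) + UDL
        raise ValueError("truncated TPDU")
    pid, dcs = tpdu[pos], tpdu[pos + 1]
    cls = message_class(dcs)
    return {
        "pid": pid, "dcs": dcs, "class": cls,
        "udhi": bool(tpdu[0] & 0x40),      # user data header present
        # Both markings together tell the handset to hand the SMS to the SIM.
        "sim_download": pid == PID_SIM_DATA_DOWNLOAD and cls == CLASS_SIM_SPECIFIC,
    }

def flagged(samples=SAMPLES):
    """Return the labels of samples marked for SIM data download."""
    return [name for name, pdu in samples.items()
            if inspect_deliver(pdu)["sim_download"]]

if __name__ == "__main__":
    for name, pdu in SAMPLES.items():
        print(name, inspect_deliver(pdu))
```

A production filter would also have to decide which originators are legitimately allowed to send such messages, since operators use the same marking for their own over-the-air SIM management.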
Now, for the big question: can you protect yourself against Simjacker right now? The answer is no. There is no app or hardware tweak that can help you if your phone is affected by Simjacker. Would you be targeted by Simjacker? Most likely not. Unless you are someone important enough to warrant government surveillance, there is very little chance that your phone will be spied upon by this menacing exploit.
At least, so long as just one organization is using it at the moment.