- Tram Ho
Researchers at security firm AdaptiveMobile Security have released a report about a serious vulnerability called SimJacker using your phone’s SIM to spy on you.
With all mobile phones affected by this vulnerability, more than 1 billion phones worldwide could be hacked. The security research firm said it believes the flaw was developed by a private company that works with governments to monitor the position of individuals around the globe. This vulnerability could help attackers to obtain IMEI numbers specific to each phone.
The SIM cards provided by GSM carriers contain the S @ T Browser, part of the SIM Application Toolkit. As a SIM card executable, this browser is used by carriers to provide value-added services to customers, such as downloading ringback tones, notification of missed calls, or news. …
To launch the Simjacker exploit, hackers will send a binary SMS, which is used to transfer large amounts of data, such as ringtones, phone system settings and WAP text messages. . After receiving this binary SMS, the device will blindly forward that message to the SIM card without checking its origin.
The SIM card will then use the S @ T browser to execute the commands on that message – including obtaining location data and phone IMEI numbers. This information will be sent to an “accomplice device” also by binary SMS.
The report also emphasized that, during the attack, the victim will not know about it as well as the information was successfully collected and leaked out.
Besides exploiting the Simjacker vulnerability for surveillance activities, malicious behavior can also extend to ” performing any other type of attack on individuals and carriers such as calls. scams, spam, information leaks and denial of service attacks as well as eavesdropping . ”
Although modern browsers such as Chrome, Safari and Firefox dominate current smartphones and are not affected by this vulnerability, AdaptiveMobile recognizes that the S @ T browser is still being actively used. by GSM carriers in over 30 countries, equivalent to about 1 billion mobile phones globally.
However, the number of devices affected by this vulnerability may be much lower as many carriers no longer use SIM cards containing the S @ T browser.
The GSM Association says it knows about the Simjacker flaw and is working with researchers and the mobile industry to find out which SIM types are affected and blocking such malicious messages. come on.
Refer to PhoneArena
Source : Trí Thức Trẻ