Exactly one month ago, researchers at AdaptiveMobile Security disclosed a critical vulnerability in SIM cards dubbed SimJacker that could be exploited by remote attackers to compromise targeted mobile phones and spy on victims just by sending an SMS.
The SimJacker vulnerability resides in the S@T (SIMalliance Toolbox) Browser dynamic SIM toolkit that is embedded in most SIM cards used by mobile operators in many countries. The experts discovered that that the exploitation of the vulnerability is independent of the model of phone used by the victim.
Now Adaptive Mobile published the list of countries where local mobile operators are using SIM cards affected by the Simjacker flaw, anyway the company did not name the impacted mobile phone carriers.
“This varies by country and region. From our
Below the full list of countries published by the experts:
The S@T Browser application is installed on multiple SIM cards, including eSIM, as part of SIM Tool Kit (STK), it enables the SIM card to initiate actions which can be used for various value-added services.
Since S@T Browser implements a series of STK instructions (i.e. send, call, launch browser, provide local data, run command, and send data) that can be executed by sending an SMS to the phone.
The Simjacker attack involves an SMS containing commands that instruct the SIM Card in the phone to ‘take over’ the phone.
The attacker could exploit the flaw to
The experts explained that the attack is transparent to the users, the targets are not able to notice any anomaly.
Adaptive Mobile revealed that a private surveillance firm was aware of the zero-day flaw since at least two years and is actively exploiting the SimJacker vulnerability to spy on mobile users in several countries.
Experts also added that the vulnerability has been likely exploited by
After the flaw was publicly disclosed, the researchers at
Experts at Adaptive Mobile also analyzed the impact of the recently disclosed WIBattack and explained that it impacts a smaller number of users compared with SimJacker. Experts estimated that only 8 operators in 7 countries are using SIM cards vulnerable to the attack.
“WIB is a propriety SIM card technology like S@T which reports show could also be exploited via ‘Simjacker-like’ attacks. However, it’s important to state that we haven’t seen any attacks involving WIB.” concludes the report. “The WIB technology itself seems less prevalent that the S@T Browser (see diagram below and section 7 of the report), and available
The following graph shows the number of Vulnerable Countries & Operators for S@T Browser and WIB.
“This has important implications for all Mobile Operators if they wish to deal with attacks from threat actors like this in the future.” concludes the report.”It means that previous ways of relying on recommendations, with no operational investigation or research won’t be enough to protect the mobile network and its subscribers, and what’s worse, will give a false sense of security.”