Author

Topic: {Warning}: Simjacker – Next Generation Spying Over Mobile Phone (Read 156 times)

legendary
Activity: 2912
Merit: 6403
Blackjack.fun
"At its simplest, the main Simjacker attack involves a SMS containing a specific type of spyware-like code being sent to a mobile phone, which then instructs the UICC (SIM Card) within the phone to ‘take over’ the mobile phone , in order to retrieve and perform sensitive commands."

Not this again...
That spyware SMS is just a set of commands the phone recognizes and apart from open browser it is not able to do anything interesting.
Location? Who cares? Play tone? That at least could be annoying.

It also seems like most US carriers are unaffected.

All  Grin

Also:
Quote
ZDNet states that this theoretical attack tactic was known back in 2011
hero member
Activity: 1834
Merit: 759
I don't think this one "perform sensitive commands" will work on new phones(I'm sure it won't) but if the phone is rooted it might be possible.

That's right, these attacks are theoretical. The article states some of the commands would need user interaction. The only confirmed use of this exploit is for tracking targeted individuals:

According to AdaptiveMobile Security, an unnamed company that helps governments monitor individuals has been using the Simjacker method to track users for at least 2 years. The security firm says it has observed this surveillance company tracking hundreds of people in a single country through this method.

It doesn't look like there's any risk of having crypto stolen at all, since it's practically limited to tracking specific targets.That being said, it's still terrifying considering there's not much any of us can do if we have vulnerable SIM cards. It also seems like most US carriers are unaffected.
sr. member
Activity: 910
Merit: 351
I don't think this one "perform sensitive commands" will work on new phones(I'm sure it won't) but if the phone is rooted it might be possible.

If I understand the reports and this[1] correctly, then I think this attack should work irrespective of your devices. It's essentially trying to attack the SIM directly as if the attackers are the operator by sending various commands. But I do agree that not all of the commands might work, such as LAUNCH BROWSER. or SET UP CALL commands (at least it might requires user approval).

I think this simjacker is good if the attacker is the sim provider where we can use to locate our phone if it was stolen.

A thief will ditch the SIM card as soon as they stole the phone. It's useless. This was made for surveillance purpose, and that's clear. Police, hitman or mercenaries might use this to track their target and attack them when they're careless.

[1] https://en.wikipedia.org/wiki/SIM_Application_Toolkit
legendary
Activity: 3374
Merit: 3095
Playbet.io - Crypto Casino and Sportsbook
I don't think this one "perform sensitive commands" will work on new phones(I'm sure it won't) but if the phone is rooted it might be possible.

According to my research this simjacker only use for tracking a location and getting the Device ID so I think it won't affect our crypto wallet if you are infected with this spyware. But the device will keep send a location to the attacker which is not safe they can use it to monitor your daily location.

I think this simjacker is good if the attacker is the sim provider where we can use to locate our phone if it was stolen. Because the "find my device" feature on new phones only send location if it is connected to the internet. So this one doesn't need the internet to send the phone location.
copper member
Activity: 2142
Merit: 1305
Limited in number. Limitless in potential.
if there are already victims with this kind of attack?.
Probably there is, as mentioned in some reports related to this, that the malware has been used to spy people already for 2 years. Though I see no reports that the main cause of hacking is this simjacker, but it possibly one of those strategy they used to access some important details of their victims.
hero member
Activity: 2268
Merit: 669
Bitcoin Casino Est. 2013
It could be really dangerous if it will happen. Well, it could be prevented if the mpbike operators can block the s@t browser command that can spy the person's phone as mention in that report. Do you have information if there are already victims with this kind of attack?.
legendary
Activity: 2576
Merit: 1655


According to this report,  there is a new exploit that has been running around for almost two years now. And what's scary is that this is more sophisticated as compare to other exploits that's been discovered in the wide. I was also under the impression that this exploits not only involves Android, but IOS itself because as per article:

"At its simplest, the main Simjacker attack involves a SMS containing a specific type of spyware-like code being sent to a mobile phone, which then instructs the UICC (SIM Card) within the phone to ‘take over’ the mobile phone , in order to retrieve and perform sensitive commands."

Although this is touted to be a spyware, but  I'm sure it will involved to target phone and look for crypto wallets and that makes this very dangerous. Samsung just rolled out their flag phone S10/S10+ will built in crypto, not sure about its security later. But is someone can really take over your phone then it's game over.
Jump to: