Be Careful! These Cyber Attacks Now Come From Your SIM Cards

Though most of the cyber attacks affecting your smartphone come from malicious software, your SIM card may also pose a lot of security risk in a few cases. A team of security researchers from Adaptive Mobile recently discovered such a vulnerability that allegedly tracks people’s smartphones, called Simjacker. By sending SMS messages to give instructions for an app called S@T Browser, Simjacker starts harvesting location data and IMEI numbers when users launch browsers. After that, data recordings will be sent to an “accomplice device” without any consent of victims.

As described, the vulnerability approaches devices in a silent way, so users won’t get notifications when it uses SMS. Without giving away activities, an intruder can obtain frequent updates. Not only several brands of phones using Android OS but also iPhones and SIM-supported IoT devices have also been affected by this device-agnostic exploit.

As for the scope of the exploit, the surveillance company behind it has been accused of making use of Simjacker for at least two years in more than 30 countries all around the world, especially Asia, Eastern Europe, and Middle East regions. According to researchers, a bulk of victims were targeted a few times a day, the others were checked hundreds of times over the period of a week. It exceeds 250 times if we talk about the most prominent target, shortly. Adaptive Mobile believed it’s not a mass campaign of surveillance, but hasn’t yet confirmed whether it was used for what kind of specific purpose, for example, tracking criminals or political dissidents. Also, the company claimed that it’s mounting a highly-sophisticated operation.

If you’re lucky enough to not be under this attack, please keep in mind that potential threats with your SIM-equipped devices are still out there.