Hackers are exploiting a weakness present in most smartphones to track users' locations and carry out other harmful actions, security researchers at AdaptiveMobile Security warned in a report posted yesterday.
According to these researchers, the attackers use an SMS-based attack method that a surveillance provider is using in the real world to track and monitor individuals.
"We are pretty sure that this exploit has been developed by a specific private company that works with governments to monitor people," say the researchers. "We believe that this vulnerability has been exploited for at least the last two years by a highly sophisticated threat actor in several countries, mainly for surveillance purposes," they add.
The researchers say that this attack represents "a great leap in complexity and sophistication" compared to the attacks seen previously on mobile networks and "a considerable escalation in the set of skills and abilities of the attackers."
According to the researchers who discovered this attack, the so-called Simjacker exploits work on a wide range of mobile devices, regardless of the hardware or software they use.
The attacks work by exploiting an interface intended to be used only by mobile phone operators so that they can communicate directly with the SIM cards inside the subscribers' phones. Operators can use the interface to provide specialized services, such as the use of data stored in the SIM to provide account balances.
Simjacker begins with an attacker who uses a smartphone, a GSM modem or any A2P service to send an SMS message to the victim's phone number.
These SMS messages contain hidden SIM Toolkit (STK) instructions that are compatible with an application that resides on the SIM card instead of the phone.
Simjacker attacks have abused this mechanism to force victims' phones to deliver location data and IMEI codes, which the SIM card later sends via SMS message to a third-party device, where an attacker records the location of the victim.
The worst part is that the Simjacker attack is completely silent: the victims do not see any SMS message in their inboxes or outboxes, so they have no reason to suspect anything.
In addition, because Simjacker exploits a technology that resides on the SIM card, the attack also works regardless of the user's device type. "We have observed that the devices of almost all manufacturers are successfully targeted to retrieve the location: Apple, ZTE, Motorola, Samsung, Google, Huawei and even IoT devices with SIM cards," the researchers explain.
The only good news is that the attack is not based on regular SMS messages, but on more complex binary codes, delivered as SMS, which means that network operators should be able to configure their equipment to block such data crossing their networks and reaching customer devices.
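To show what separates such binary messages from ordinary text at the protocol level, here is an added example (not from the report or from any operator's equipment) that inspects an SMS-DELIVER TPDU for the markers of a message addressed to the SIM. The field values come from 3GPP TS 23.040 and TS 23.038, not from the article, and both sample TPDUs are constructed.

```python
# Added example: flag SMS-DELIVER TPDUs addressed to the SIM rather than the user.
# Field values are from 3GPP TS 23.040 / 23.038, not from the article.

def parse_deliver(tpdu: bytes) -> dict:
    """Extract TP-PID, TP-DCS and the UDH element identifiers of an SMS-DELIVER."""
    try:
        first = tpdu[0]
        if first & 0x03:                       # TP-MTI must be 00 for SMS-DELIVER
            raise ValueError("not an SMS-DELIVER TPDU")
        pos = 3 + (tpdu[1] + 1) // 2           # skip OA length, type, packed digits
        pid, dcs = tpdu[pos], tpdu[pos + 1]
        pos += 2 + 7                           # skip PID, DCS and 7-byte timestamp
        ud = tpdu[pos + 1:]                    # tpdu[pos] is TP-UDL
        ieis = []
        if first & 0x40 and ud:                # TP-UDHI: user data starts with a header
            header, i = ud[1:1 + ud[0]], 0
            while i + 2 <= len(header):
                ieis.append(header[i])
                i += 2 + header[i + 1]         # IEI, IEDL, then IEDL bytes of data
        return {"pid": pid, "dcs": dcs, "ieis": ieis}
    except IndexError:
        raise ValueError("truncated TPDU") from None

def dcs_is_class2_8bit(dcs: int) -> bool:
    """True when TP-DCS marks 8-bit data of message class 2 (SIM-specific)."""
    if dcs & 0xC0 == 0x00:                     # general data coding group
        return bool(dcs & 0x10) and dcs & 0x0C == 0x04 and dcs & 0x03 == 0x02
    if dcs & 0xF0 == 0xF0:                     # data coding / message class group
        return bool(dcs & 0x04) and dcs & 0x03 == 0x02
    return False

def sim_download_reasons(tpdu: bytes) -> list:
    """Return the reasons a TPDU looks like SIM-directed binary data (empty if none)."""
    f, reasons = parse_deliver(tpdu), []
    if f["pid"] == 0x7F:
        reasons.append("TP-PID 0x7F: (U)SIM data download")
    if dcs_is_class2_8bit(f["dcs"]):
        reasons.append("TP-DCS: 8-bit data, class 2")
    if any(0x70 <= iei <= 0x7F for iei in f["ieis"]):
        reasons.append("UDH carries a SIM Toolkit security header")
    return reasons

# Constructed samples: same made-up sender and timestamp, placeholder payloads.
_OA, _TS = "0B915155550501F0", "91902101000000"
OTA_LIKE = bytes.fromhex("44" + _OA + "7FF6" + _TS + "07" + "027000" + "00000000")
PLAIN_TEXT = bytes.fromhex("04" + _OA + "0000" + _TS + "05" + "E8329BFD06")
```

A filter built on these markers still needs an allow-list of the operator's own over-the-air platforms, since legitimate SIM updates carry the same fields.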