Big Simjacker vulnerability, and the good news for South African mobile subscribers
AdaptiveMobile Security has uncovered a new and previously undetected vulnerability and associated exploits, called Simjacker.
According to AdaptiveMobile Security, this vulnerability is currently exploited by a private company that works with governments to monitor individuals.
The main Simjacker attack involves an SMS containing a specific type of spyware-like code being sent to a mobile phone.
This code then instructs the SIM card in the phone to ‘take over’ the mobile phone to retrieve and perform sensitive commands.
“The location information of thousands of devices was obtained over time without the knowledge or consent of the targeted mobile phone users,” AdaptiveMobile Security said.
During the attack, the user is completely unaware that their device was compromised, that information was retrieved, and that it was successfully exfiltrated.
However, the Simjacker attack can, and has been extended further to perform additional types of attacks.
The video below provides an overview of how a Simjacker attack works and what information can be gathered.
Good news for South Africans
The good news for South Africans is that local SIM cards are not vulnerable to Simjacker attacks.
MTN told MyBroadband that it is aware of the exploit but that MTN South Africa’s SIMs are not at risk as the Security Level configuration targeted in the exploits is not in use by MTN.
MTN added that it is in contact with AdaptiveMobile Security and it continues to engage with the GMSA and its SIM vendors to protect its customers from any exploits.
“While our SIM configuration protects us from these exploits, we’re looking into safeguarding against unauthorized sources being able to terminate binary SMSs on our network which is the trigger for these exploits,” MTN said.
Vodacom also said it is aware of this “particular issue and has conducted extensive tests subsequent to the report being published”.
“We are confident that our customers are protected from this exploit and continue to invest significantly in our cybersecurity programme,” Vodacom told MyBroadband.