Performing premium-rate scams by dialing premium-rate numbers,.Spreading mis-information by sending fake messages on behalf of victims,.Retrieving targeted device' location and IMEI information,.Since Browser contains a series of STK instructions-such as send short message, setup call, launch browser, provide local data, run at command, and send data-that can be triggered just by sending an SMS to a device, the software offers an execution environment to run malicious commands on mobile phones as well.ĭisclosed by researchers at AdaptiveMobile Security in new research published today, the vulnerability can be exploited using a $10 GSM modem to perform several tasks, listed below, on a targeted device just by sending an SMS containing a specific type of spyware-like code. What's worrisome? A specific private company that works with governments is actively exploiting the SimJacker vulnerability from at least the last two years to conduct targeted surveillance on mobile phone users across several Browser, short for SIMalliance Toolbox Browser, is an application that comes installed on a variety of SIM cards, including eSIM, as part of SIM Tool Kit (STK) and has been designed to let mobile carriers provide some basic services, subscriptions, and value-added services over-the-air to their customers. Cybersecurity researchers today revealed the existence of a new and previously undetected critical vulnerability in SIM cards that could allow remote attackers to compromise targeted mobile phones and spy on victims just by sending an SMS.ĭubbed " SimJacker," the vulnerability resides in a particular piece of software, called the Browser (a dynamic SIM toolkit), embedded on most SIM cards that is widely being used by mobile operators in at least 30 countries and can be exploited regardless of which handsets victims are using.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |