#Privacy: Remote Simjacking campaigns could disrupt SIM cards in 29 countries

Adaptive Mobile Security has published a new report detailing SimJacker attacks and the number of countries affected. 

The report identified 29 countries across five continents to which mobile operators ship SIM cards vulnerable to Simjacker attacks. 

The countries include Mexico, Dominican Republic, Brazil, Peru, Saudi Arabia, Iraq, Italy, Bulgaria, Nigeria, Ivory Coast and more. Of the 29 countries, customers of a total of 61 mobile operators are currently using vulnerable SIMs with S@T Browser toolkit.

The researchers said: “The most probable, conservative estimate is that mid to high hundreds of millions of SIM Cards globally are affected.”

In the report, the researchers state that an unnamed surveillance company has been abusing the Simjacker vulnerability as a method of obtaining intelligence on its targets. 

During the last quarter of 2018, researchers detected unusual SMS events, which when monitored 25,000 Simjacker messages attempting to be sent to 1,500 unique mobile devices was recorded. 

Mobile users located in Mexico were the primary targets, however a small number of attacks were found targeting users in Colombia and Peru, aiming to gather unique iMEI identifiers and location information. 

“We believe that prior to the discovery, they would have successfully tracked the location of many thousands of mobile subscribers over months and probably years.

“We also observed the attacker experiment over time with new potential forms of attack using the vulnerability. The number, scale, and sophistication of modifications of the attack are significantly beyond what we have witnessed from any attacker over mobile networks.”

The researchers stress that the main targets are people of interest to nation-state customers, and not the “average” person. 

If users want to protect themselves there is an updated SIMTester app which will inform users if they have the S@T Browser app installed on their SIM card, and if the app has been misconfigured. 

Additionally there are apps available, such as SnoopSnitch, which can detect attacks based on suspicious binary SMS.

“Taken all together; the complexity, scale and reactiveness of the threat actor using Simjacker means that we must regard the wider Simjacker attacks as a huge step forward in ambition and reach for attackers over the mobile network. 

“This has important implications for all Mobile Operators if they wish to deal with attacks from threat actors like this in the future. It means that previous ways of relying on recommendations, with no operational investigation or research won’t be enough to protect the mobile network and its subscribers, and what’s worse, will give a false sense of security.”


The largest data protection, privacy and security event of 2020, now available on-demand!

Featuring four whole days of keynote sessions, panel debates, and an opportunity to network and chew over all things data-related through discussions in public boards and virtual booths, PrivSec Global is now available to watch on-demand.

You can access the content from all four days, by registering for access to our PrivSec Global platform below.

Learn More and Register

We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.