What is Simjacker?
SimJacker is a type of SMS fraud that exploits a vulnerability present in certain older SIM cards still used in some regions that enables them to be taken over and controlled by third parties.
First identified in 2019, SimJacker is reportedly a threat in 29 countries, particularly in central and south America including Mexico, Colombia and Peru, with up to a billion SIM cards potentially affected.
As the attack is via the SIM card, it is device agnostic with no particular model of phone more or less vulnerable.
How do Simjacker attacks work?
SimJacker is a threat to SIM cards that contain a certain library which make them susceptible without having to be physically in the hands of hackers.
Phones are initially ‘hijacked’ when they are sent a specially formatted text message which includes a set of commands which either harvest information from the phone for transmission back to the hackers, or instruct the phone to take certain actions. These can include:
- Send messages from the victim’s phone, for example to ask friends and family for money
- Dial high-cost premium rate numbers from the phone to steal money from the victim
- Spread malware by sending instructions to the phone to download them from a specified website
- Track the phone’s location and potentially identify when the owner is away from home
In most cases this takes place silently with no indication to the victim until it is too late.
How to avoid a Simjacker attack?
For mobile phone subscribers there is no way of preventing an attack if the SIM card in their phone is vulnerable. The responsibility for prevention lies with telco operators in affected regions who need to update their SIM technology and working practices to close down the vulnerability.