spying on over 1 billion mobile phone users glo...

spying on over 1 billion mobile phone users globally

149°
Aap
Dimer Of The Year 2014
7
28272
391

https://cdn0.desidime.com/attachments/photos/585139/medium/6103936SIM-card-exploit-could-be-spying-on-over-1-billion-mobile-phone-users-globally.jpg?1568529975

Simjacker has been further exploited to perform many other types of attacks against individuals and mobile operators such as fraud, scam calls, information leakage, denial of service and espionage. AdaptiveMobile Security Threat Intelligence analysts observed the hackers vary their attacks, testing many of these further exploits. In theory, all makes and models of mobile phone are open to attack as the vulnerability is linked to a technology embedded on SIM cards. The Simjacker vulnerability could extend to over 1 billion mobile phone users globally, potentially impacting countries in the Americas, West Africa, Europe, Middle East and indeed any region of the world where this SIM card technology is in use."-AdaptiveMobileSecurity

Researchers at a security firm named AdaptiveMobile Security have issued a report (via TNW) about a new vulnerability nicknamed Simjacker that uses your phone’s SIM card to spy on you. Because all makes and models of mobile phones can be used with Simjacker, over 1 billion handsets might be affected globally. The research firm says that it believes the vulnerability was developed by a private company that works with governments to monitor the locations of individuals around the world. The exploit also can help the attackers obtain the unique IMEI number belonging to each phone.
Some SIM cards supplied by GSM carriers contain what is known as the [email protected] browser found in the SIM Application Toolkit. Once used to launch browsers (like the WAP browsers found on feature phones back in the day), Simjacker sends a binary SMS message to the browser with instructions for it to obtain the location data and IMEI numbers and send the information to an “accomplice device” also using binary SMS. Since smartphones can use HTML browsers, the [email protected] browser has become obsolete. Despite this fact, AdaptiveMobileSecurity discovered that carriers in 30 countries representing over 1 billion mobile phone users have [email protected] technology active. That might overstate the actual number of those affected by the exploit since many carriers are no longer using SIM cards equipped with the [email protected] browser technology.

Some numbers were tracked hundreds of times over the course of a week

The report indicated that individuals are being tracked daily by Simjacker with some particular phone numbers being tracked hundreds of times over a seven-day period. The process of spying on a vulnerable handset requires a cheap GSM modem to send a message to a SIM card that contains the [email protected] browser technology. Using binary SMS, which is not the same as regular text messages, phones can be instructed to collect the requested information and disseminate it to a bad actor. The research report notes that “During the attack, the user is completely unaware that they received the attack, that information was retrieved, and that it was successfully exfiltrated.”

And Simjacker’s surveillance activities have now been broadened to “perform many other types of attacks against individuals and mobile operators such as fraud, scam calls, information leakage, denial of service and espionage.” The only positive thing about this attack is that it relies on older technology that in theory should be phased out. But until the [email protected] technology is completely removed from all SIM cards, Simjacker remains a threat. And as AdaptiveMobile Security’s chief technology officer Cathal Mc Daid said, “Now that this vulnerability has been revealed, we fully expect the exploit authors and other malicious actors will try to evolve these attacks into other areas.”
https://cdn0.desidime.com/attachments/photos/585140/medium/6103936WAP.jpg?1568530061
The GSM Association trade body says that it has been made aware of Simjacker and says that it has worked with the researchers and the mobile industry to learn which SIM cards are affected, and how the malicious messages being sent can be blocked.

https://www.phonearena.com/news/SIM-card-exploi...

8 Comments  |  
5 Dimers
Azf
Deal Cadet
77
567
9

So Esim Can Be Savior Now ?

Aap
Dimer Of The Year 2014
7
28272
391
TechnoFrendz wrote:

So Esim Can Be Savior Now ?

YES :- As for now only alternative
&
NO :- It’s continues Process , Evolve—> Adapt—> Discard—> Evolve

Cropped1680217898
Deal Cadet
108
613
11

One of my friends receiving OTP messages from multiple apps like flipkart, Snapdeal, Yatra, netmeds etc at same time where some of the apps hadn’t registered himself. Is any suspicious person try to do actions on his accounts or any other. Some other friend told that there will be one app which will automatically send OTP messages to the number he given. I’m not sure of those things. Is there any chance of sim simulation by hacker or anything else. Any dimer, comment please.

Missing
Deal Cadet
126
451
16
jaybro wrote:

One of my friends receiving OTP messages from multiple apps like flipkart, Snapdeal, Yatra, netmeds etc at same time where some of the apps hadn’t registered himself. Is any suspicious person try to do actions on his accounts or any other. Some other friend told that there will be one app which will automatically send OTP messages to the number he given. I’m not sure of those things. Is there any chance of sim simulation by hacker or anything else. Any dimer, comment please.

https://smsbomber.biz/protect...t/

Azf
Deal Cadet
77
567
9
jaybro wrote:

One of my friends receiving OTP messages from multiple apps like flipkart, Snapdeal, Yatra, netmeds etc at same time where some of the apps hadn’t registered himself. Is any suspicious person try to do actions on his accounts or any other. Some other friend told that there will be one app which will automatically send OTP messages to the number he given. I’m not sure of those things. Is there any chance of sim simulation by hacker or anything else. Any dimer, comment please.

Well, Thats Called Bombing Via Sms/Call From All Such Randoms Sites By Some Script/App/Site.
Ask Your Friend To Block Those Msgs/Calls.

Cropped1680217898
Deal Cadet
108
613
11
Expand
TechnoFrendz wrote:

Well, Thats Called Bombing Via Sms/Call From All Such Randoms Sites By Some Script/App/Site.
Ask Your Friend To Block Those Msgs/Calls.

Will they send through email?

Azf
Deal Cadet
77
567
9
Expand
jaybro wrote:

Will they send through email?

Yes, There Is Email Bomber Too. But They Can Send If They Know The Email Address.

Missing
Deal Cadet
83
426
17

Well this is not a vulnerability, the system is made that way, Crime Patrol nahi dekhte kya? stuck_out_tongue
If gormint is not able to track locations and imei of a mobile number how will they catch criminals? How will there keep a check on whereabouts of “anti-nationals”?
Though this vulnerability is useless with the advent of smart phone now gormint can directly listen to use, watch us through our phones

Missing