A new SIM card flaw discovered

Researchers at security company AdaptiveMobile Security have discovered a flaw in SIM cards that can be exploited to track a phone's location, and potentially take over the device.

Dubbed Simjacker, the exploit is built around specific codes sent by SMS message to the SIM card on target devices. That SIM card, which let's remember is the cellular and operator gateway for the device as well as one of its two key identifiers—the other being the device itself, is programmed to capture and forward information to the attacker. Initially that attack focuses on the retrieval of device identity and location, but it can then go further—denial of service and fraudulent calls for example.

What makes the attack scary is how the SMS messages can be designed to request and then retrieve location data from the victim's phone in secret. None of the incoming SMS messages will appear in the owner's inbox. The same vulnerability can also be used to launch the mobile browser on the phone, and direct the owner to download malware. To send off the SMS messages, the attacker needs a phone, a GSM modem, or an SMS account at an A2P (application-to-person) provider.

"We are quite confident that this exploit has been developed by a specific private company that works with governments to monitor individuals," security researchers from AdaptiveMobile Security said in a report released today. "We believe this vulnerability has been exploited for at least the last 2 years by a highly sophisticated threat actor in multiple countries, primarily for the purposes of surveillance."

Read more -here-

• Google, Meta, Apple receive FCC approval to tap into airwaves for VR and AR
• State-sponsored hackers are leveraging WinRAR bug
• Amazon launches drug delivery by drone
• Unpatched Zero-Day being exploited in the wild, Cisco warns
• Apple plans to update iPhones in-store without opening the boxes
• Microsoft just bought Activision Blizzard for $69 billion