A loophole in nearly 1 billion SIM cards allows hackers to geolocate and listen to calls from their victims, reveals the research team of cybersecurity firm AdaptiveMobile. Called Simjacker, this attack would have been used for more than two years by a surveillance company to spy on individuals.
Simjacker works by sending an SMS to the SIM card of the person we want to spy on. This message remains invisible to this person, but allows hackers to obtain information by accessing their SIM card.
It should be noted that many of the chips used by the general public are equipped with software called S @ T Browser, which used to be used by mobile phone providers to offer additional services to their customers.
Now obsolete, S @ T Browser is no longer used, but is still on several SIM cards. Since it has not been updated since 2009, it is very vulnerable to hackers, says the research team.
Since the software has the ability to download data via SMS, it could also allow Simjacker to send other malicious software to a victim without his knowledge.
Thousands of people spied unknowingly
According to AdaptiveMobile, geolocation information for thousands of devices has been obtained without the consent of targeted individuals for more than two years.
The cybersecurity firm says it thinks with a high degree of certainty that the source [of the attacks] is a large professional surveillance company “that works with governments to monitor individuals.”
AdaptiveMobile says it works “closely” with various mobile operators and SIM card manufacturers to protect the public from potential attacks using Simjacker.
Amy Wagstaff helped form Henri Le Chat Noir into what it is today by creating a new design and branding. She continues to assist in keeping the site responsive and well organized for the readers. As a contributor to Henri Le Chat Noir, Amy mainly covers mobile news and gadgets.