A loophole in nearly 1 billion SIM cards allows hackers to geolocate and listen to calls from their victims, reveals the research team of cybersecurity firm AdaptiveMobile. Called Simjacker, this attack would have been used for more than two years by a surveillance company to spy on individuals.
Simjacker works by sending an SMS to the SIM card of the person we want to spy on. This message remains invisible to this person, but allows hackers to obtain information by accessing their SIM card.
It should be noted that many of the chips used by the general public are equipped with software called S @ T Browser, which used to be used by mobile phone providers to offer additional services to their customers.
Now obsolete, S @ T Browser is no longer used, but is still on several SIM cards. Since it has not been updated since 2009, it is very vulnerable to hackers, says the research team.
Since the software has the ability to download data via SMS, it could also allow Simjacker to send other malicious software to a victim without his knowledge.
Thousands of people spied unknowingly
According to AdaptiveMobile, geolocation information for thousands of devices has been obtained without the consent of targeted individuals for more than two years.
The cybersecurity firm says it thinks with a high degree of certainty that the source [of the attacks] is a large professional surveillance company “that works with governments to monitor individuals.”
AdaptiveMobile says it works “closely” with various mobile operators and SIM card manufacturers to protect the public from potential attacks using Simjacker.