Simjacker is the name applied to a vulnerability in a technology used on SIM cards, which we observed has been exploited by a sophisticated threat actor, primarily to track the location and get handset information for thousands of mobile users without their knowledge. This particular vulnerable SIM card technology is called the S@T Browser. The key issue with the S@T Browser technology is that its default security does not require any authentication, and as a
List of Affected Countries
According to the report, the list includes 29 affected countries across five continents, where customers of a total of 61 mobile operators are actively using vulnerable SIMs with the S@T Browser toolkit:
- North America: Mexico, Guatemala, Honduras, Costa Rica, Nicaragua, Belize, El Salvador, Dominican Republic, and Panama.
- South America: Peru, Colombia, Brazil, Ecuador, Chile, Argentina, Uruguay, and Paraguay.
- Africa: Nigeria, Ghana, Benin, Ivory Coast, and Cameroon.
- Europe: Italy, Bulgaria, and Cyprus.
- Asia: Saudi Arabia, Iraq, Palestine, and Lebanon.
Some victims avoided getting hacked
ZDNet also spoke with some of the other victims over the weekend. Some candidly admitted to losing funds, while others said the SIM swapping attacks were unsuccessful because they switched to using hardware security tokens to protect accounts, instead of the classic SMS-based 2FA system.
One victim, who wanted to remain anonymous, said that once hackers realized access to cryptocurrency exchange accounts was not possible, intruders quickly switched tactics and targeted social media and email accounts, successfully hijacking the victim’s Instagram account.
This exact same thing also appears to have happened to other users, with hackers taking over social media accounts over the past week when they realized they couldn’t access cryptocurrency accounts.
Simjacker message attack structure
These attacks could be used for purposes such as:
- Misinformation (e.g. by sending SMS/MMS messages with attacker-controlled content)
- Fraud (e.g. by dialling premium-rate numbers)
- Espionage (in addition to the location-retrieving attack, an attacked device could function as a listening device, by ringing a number)
- Malware spreading (by forcing a browser to open a web page with malware located on it)
- Denial of service (e.g. by disabling the SIM card)
- Information retrieval (retrieving other information such as language, radio type, battery level, etc.)
How to Prevent Yourself from SimJacker Attacks
1. HARDEN YOUR ACCOUNT
In light of increasing attacks against customers’ accounts, the major US cell phone providers have introduced new security features to make it harder for hackers to take over accounts and telephone numbers.
2. DON’T LINK YOUR NUMBER TO YOUR ONLINE ACCOUNTS
Once hackers steal your phone number, they leverage it to reset the password on any online account that’s linked to the number. In many cases, this bypasses two-factor authentication. That’s why having control of a phone number is so powerful.