Researchers: ‘Simjacker’ Attack Silently Tracks Your Phone’s Location
Both Apple and Google spend a great deal of time and energy strengthening the security of their mobile platforms. No piece of software is perfect, but Android and iOS are overall very secure these days. That doesn’t matter when an attack can completely bypass your operating system. Researchers from AdaptiveMobile Security say they’ve uncovered an attack method dubbed Simjacker that can track users by sending a text message.
While sending a text message sounds simple, AdaptiveMobile says SimJacker is a very complex and sophisticated attack. The attacker can initiate Simjacker from any smartphone capable of sending SMS messages. These messages include a hidden Sim Toolkit instruction package that interacts with the S@T Browser. That’s an application residing on the SIM card inside many phones, not on the phone itself. Therefore, none of the security features of Android or iOS can block the attack.
The S@T Browser doesn’t exist on all SIM cards of mobile carriers, but it can be used to perform actions like launching websites or playing sounds. These are rarely used anymore, but carriers used to push ads and billing information via the S@T Browser. Simjacker abuses this system by telling the phone to provide the phone’s IMEI and network-based location data. Again, none of this happens in the operating system, and the message doesn’t even appear in the SMS app, so there’s no indication to the user anything is wrong. Next, Simjacker sends that data to another phone number where the data is harvested.
AdaptiveMobile says the attack works on devices from Motorola, Apple, Google, Huawei, and more. It’s all about the technology inside the SIM card, and this isn’t an attack that just popped up. AdaptiveMobile says it has found evidence that Simjacker has been active in highly targeted attacks for up to two years.
AdaptiveMobile has not revealed the company or government that is using Simjacker, but says it’s not a mass surveillance operation. Instead, the perpetrator is tracking a small number of targets multiple times per day. Some numbers investigated by the researchers were pinged for location hundreds of times per week.
The good news is that mobile operators should be able to quickly put a stop to Simjacker. It relies on sending binary code to devices in the form of an SMS rather than a normally formatted SMS message. That should make it easy to filter at the network level.