Simjacker spyware attack using SMS (2 photos)

Hackers and government intelligence agencies are becomingmore sophisticated when developing tracking systems for victims or suspects. The latest innovation, which touched upon the technology of tracking the location of a subscriber of mobile telephone networks, first used SMS messages for this.

AdaptiveMobile Security Expertsidentified a vulnerability in mobile telephone networks, using which it is possible to track the user's location. According to experts, the vulnerability, called Simjacker, is implemented through hacking SIM-cards and has been actively used by criminals for two years. It is noteworthy that experts believe that monitoring of customers of mobile operators can be carried out by government agencies.

Technically, hacking Simjacker is carried out aftersending an SMS message containing a special code similar to hacker software to the user's phone, rather than a traditional link to malicious files. Thus, hacking is carried out directly from SMS.

A message arriving on the phone gives a command tocapture of the device, and the user himself does not receive information not about the arrival of SMS, nor about the transfer of information about his whereabouts in subsequent messages. All malicious SMS are not stored in the folders of incoming or outgoing messages.

By capturing the user's phone,attackers can take any action from the phone: initiate a call, send SMS and USSD messages, completely block the SIM card, go online.

Source: securitylab