Vulnerability
iOS
Android
Threat Guidances
September 20, 2019

SimJacker

Lookout Recommendation for Admins

The responsibility for protecting against a SIM-based attack relies on the mobile operators. This is a classic attack against carrier infrastructure, Lookout protections focus on threats from mobile phishing, mobile applications and device risks. This is a highly targeted attack to gather the target’s location data, and research shows only an attack on the SIM itself rather than at the device OS level or above. Carrying out this attack requires the attacker to be very knowledgeable about the SIM card stack and carrier infrastructure.

Overview

AdaptiveMobile Security, a telecom network security provider, uncovered a new and previously undetected vulnerability within SIM cards called Simjacker. According to researchers, this exploit was developed by a private company, but is apparently being leveraged by a government entity to monitor specific individuals. At the time of this document’s creation, Simjacker is now being called into question as outside researchers believe it to be limited in reach due to its reliance on legacy technology.

How Does it Work?

The primary exploit involves a specially crafted SMS message sent to the target device which tells the target device to send certain data location and device identifiers such as the IMEI to another attacker controlled mobile phone. The user is completely unaware of the attack and that information was accessed and exfiltrated. The primary data exfiltrated is the target’s general location, specifically cellular location data.

This attack is OS-agnostic, meaning it can target both iOS and Android devices. With it, attackers can potentially open a web browser, which researchers believe would likely rely on the S@T browser software as an execution environment, which they’ve seen being used by mobile operators in over 30 countries.

Authors

Lookout

Cloud & Endpoint Security

Lookout, Inc. is the data-centric cloud security company that uses a defense-in-depth strategy to address the different stages of a modern cybersecurity attack. Data is at the core of every organization, and our approach to cybersecurity is designed to protect that data within today’s evolving threat landscape no matter where or how it moves.

Threat Type
Vulnerability
Platform(s) Affected
iOS
Platform(s) Affected
Android
Entry Type
Threat Guidances
Platform(s) Affected
Vulnerability
iOS
Android
Threat Guidances

Related Content

Chrome & Firefox Vulnerabilties

Google and Mozilla have both recently disclosed critical vulnerabilities in their respective Chrome and Firefox web browsers.

Read Threat Article

CVE-2024-8904, 9602, & 9603

Google has reported two new vulnerabilities in Chromium based browsers tracked as CVE-2024-8904 and CVE-2024-9602

Read Threat Article

CVE-2024-7971

Researchers at Microsoft recently discovered and reported a new zero day vulnerability in Google’s Chrome browser, which is tracked as CVE-2024-7971

Read Threat Article

Stop Cyberattacks Before They Start With Industry-Leading Threat Intelligence.

Schedule Demo
HeaderHeaderHeaderHeader
CellCellCellCell
CellCellCellCell
CellCellCellCell
CellCellCellCell