If you think being hacked is something that happens only when you visit harmful websites or download suspicious email attachments, think again.
In today’s world, everything has become as easy as sending a text, and unfortunately so has hacking.
The hot news in cybersecurity is that some attackers are exploiting people’s mobile phones just by sending an SMS reeking of spyware.
Thanks to S@T Browser embedded in the SIM cards, the attackers are using this loophole to enter into the victims’ mobile phones without their knowledge, let alone their consent.
The worst part is: Just receiving the damn message will put you at risk.
You must be kidding, Techbrewery!
Yes, we are joking. Except that we are not.
The researchers at AdaptiveMobileSecurity have published a report disclosing the issue and are calling the threat ‘SIMJACKER’.
According to them, a private company (working with the government!) is exploiting the SimJacker vulnerability from the last two years to put targeted mobile phones under surveillance across several countries.
All someone needs is a 10 dollar GSM modem and some hacking skills and they could:
- Retrieve your location and IMEI information
- Retrieve other important information about your mobile device
- Send fake messages on your behalf
- Dial premium rate numbers from your mobile
- Call themselves from your mobile phone and spy on your surroundings
- Force your phone to open a malicious web page, or even
- Disable your SIM card
I still don’t believe it. How is it even possible?
Because of the S@T Browser, duh!
You have heard of SIM Tool Kit, right? Well, the S@T Browser is a part of that. It is an application called SIM alliance Toolbox Browser and is made to allow your mobile carrier provide you with some basic services.
Remember how you send an SMS to subscribe to a Caller Tune?
That’s because of S@T Browser! Now you’re getting it.
Ok, tell me more.
Well, the good news is that the detailed paper about SimJacker is scheduled for public release in October, 2019, but the bad news is that now that this information is out there, hackers will try to level up their attack game.
Am I at risk? If yes, what can I do?
If you have a SIM card that is embedded with S@T Browser, you are at risk, irrespective of the device you are using.
Holy c*ap, that’s a problem.
The SIMalliance: They have acknowledged the threat and provided recommendations for SIM card companies to secure S@T Browsers.
Mobile operators: They can set up a procedure to block suspicious messages.
1. Ask for a SIM that has a proprietary security mechanism installed in it.
2. Keep an eye out for more information. Subscribing to our dedicated news blog might help. (Awareness is the first step toward cybersecurity.)
3. Or learn some hacking skills yourself (ethical hacking, obviously) and give it back to those attackers or at least protect yourself from them. TechBrewery trains you in cybersecurity, even if you have zero background. (Anyone can learn it, seriously.)
4. Tell your friends about the SimJacker and ask them to watch out.
If you have any ideas on how to stay safe from this attack, we would love to hear it in the comment section!
Stay tuned, stay safe.