More than a billion phones are affected by this breach. Researchers at AdaptiveMobile Security, one of the world's leaders in mobile network security, have discovered the existence of a rift affecting SIM cards. Called SIMjacker, this fault can be exploited with ease and disconcerting results, explains PhonAndroid and no manufacturer or device with a SIM card is spared.
The breach allows, with a simple text message, to take full control of a smartphone and track the victims. In concrete terms, by sending an SMS containing a specific code to a mobile phone, the SIM card receives instructions to take control of the device and execute certain orders or recover data. To do this, hackers use a software contained in any SIM card, the "S @ T browser" or SIM Alliance Toolbox browser, which allows operators to manage their SIM card fleet remotely.
A fault already exploited on a large scale
The problem is, an attack via this fault is undetectable. The SMS sent is designed not to trigger notification. It therefore remains invisible to the smartphone owner, but allows to retrieve the IMEI number of the device, explains Futura Sciences, as well as information about the base station to which the phone is connected. With this information, the author of the SMS can locate an individual. Piracy of the SIM card also allows you to send a text message without a victim's knowledge from their smartphone, make calls or force the launch of web pages.
Read also: be careful if you borrow the phone charger from an unknown person
The flaw has already been used on a large scale, including by a private company working with governments and probably for targeted surveillance, says AdaptiveMobile Security researchers. They also state that the breach is being actively exploited, stating that "in one country we see about 100-150 specific mobile numbers targeted by Simjacker attacks per day, with peaks of 300 numbers in one day".
The results of the study were shared with the GSM Association and SIM Alliance organisations in order to alert operators and improve the security of the new SIM cards. However, for the time being, there is no way to protect against this fault that affects Apple, Motorola, Samsung, Google or Huawei, except by using a SIM without the "S @ T browser" suite. Operators could also change the security settings of SIM cards and uninstall the software remotely. But the operation is likely to be rather long and difficult.
SOS Public Hospital: our revelation...
The best smartphones for gaming in...
Google Maps: activate the new widge...
Free tips in video: Free Mobile off...