A new SMS attack is going around posing as a threat to mobile phones and SIM cards. Named “Simjacker,” this exploit resides in a particular application embedded on most SIM cards. As the target is set on SIM cards, the exploit can attack any victim, regardless of the handset they may be using.
The way that the exploit works is quite tricky – an SMS is sent to your phone that contains the hidden software called S&T Browser, which is a part of the SIM Toolkit (STK). The toolkit allows mobile carriers to provide primary and value-added services and subscriptions to their customers. What makes this exploit scary is that the SMS does not present any notifications, which makes its victims unaware that they may potentially get hacked. Once the exploit successfully infiltrates the device, it can launch browsers, play sounds, and show unwanted popups without any prompt from the user. According to a research on Simjacker, affected SIM card users will have a potential risk of having their private information and data used by hackers for fraud, scam calls, data leaks, and espionage. Moreover, users are also vulnerable to unwanted location tracking, further compromising their privacy.
Mobile carriers and operators can assist in preventing these threats. Simjacker operates by sending a code instead of a traditional SMS, so blocking the code would eliminate these threats from attacking users. Until these measures have been put in place, its best to be cautious and take preventative steps such as:
- Use legitimate software or apps and ensure it is always up to date
- Back up important files, photos or documents
- Always be suspicious of unsolicited calls, SMS, instant messages, or emails
- Use antivirus software such as Trend Micro Mobile Security to prevent your phones from being compromised
Learn more about Trend Micro Mobile Security and other award-winning products here.