Telecom security researchers identify ‘Simjacker’ spyware, used to track SIM cards in Mexico, Colombia and Peru
Hackers are exploiting a vulnerability in software embedded in the SIM cards of hundreds of millions of phones to track users’ whereabouts—a novel form of spyware targeting one of the most important bits of hardware in a mobile device.
AdaptiveMobile Security, a Dublin-based telecommunications-security company, said it found the technique has been used for at least two years by hackers tracking phones in Mexico, Colombia and Peru. It said the vulnerability exists, however, in SIM cards in use across a much larger swath of the world.
“It’s the most sophisticated attack I’ve ever seen over these networks,” said Cathal McDaid, the company’s chief technology officer.
The technique, nicknamed “Simjacker” by the researchers, targets the latest in a series of vulnerabilities hackers have found to track the location of a phone without its user’s knowledge. Attacks targeting phones often involve some form of phishing, in which a victim clicks a link and inadvertently downloads malware that carries out commands for an attacker, like relaying location data.
In the case of Simjacker, hackers have managed to exploit a relatively old form of software found on some SIM cards that mobile operators have used in the past to send customers billing information or special offers. Essentially, hackers send secret text messages to particular SIM cards, which then send back information like the phone’s location.
Phones vulnerable to the hack number in the hundreds of millions across some 30 countries in South America, Africa and parts of Europe and the Middle East, AdaptiveMobile says, though it has so far only identified cases in the three Latin American countries. The total number of affected phones in those countries isn’t known, but the company said over a one-week period last month, it identified hundreds of phones being tracked with the technique.
The GSM Association, a trade body of mobile network operators, said it had sent out recommendations to carriers for identifying and patching the vulnerability, which it said affected a “minority of SIM cards” around the world. The GSMA “has been working with the impacted member operators to help implement these mitigations,” it said.
