Researchers at AdaptiveMobile Security recently detected a new vulnerability that is essentially impossible for the user to block. Further, they have detected its use going back at least two years.
According to Adaptive Mobile, “The main Simjacker attack involves a SMS containing a specific type of spyware-like code being sent to a mobile phone, which then instructs the SIM Card within the phone to ‘take over’ the mobile phone to retrieve and perform sensitive commands.
At its simplest, the main Simjacker attack involves a SMS containing a specific type of spyware-like code being sent to a mobile phone, which then instructs the UICC (SIM Card) within the phone to ‘take over’ the mobile phone , in order to retrieve and perform sensitive commands. The first linked report provides additional technical insight. This vulnerability could easily be exploited for financial attacks.
This attack is very similar to the PoC and vulnerability highlighted last week by CheckPoint researchers. Their analysis stated that only Android phones were at risk however AdaptiveMobile researchers state that Apple phones were also vulnerable. I have included a link to that checkpoint research in the third link.
Find out how easy it is to roll out cyber security awareness training for your organisation. Ask for a demo now.