Some numbers were tracked hundreds of times over the course of a week

The report indicated that individuals are being tracked daily by Simjacker with some particular phone numbers being tracked hundreds of times over a seven-day period. The process of spying on a vulnerable handset requires a cheap GSM modem to send a message to a SIM card that contains the S@T browser technology. Using binary SMS, which is not the same as regular text messages, phones can be instructed to collect the requested information and disseminate it to a bad actor. The research report notes that “During the attack, the user is completely unaware that they received the attack, that information was retrieved, and that it was successfully exfiltrated.”

And Simjacker’s surveillance activities have now been broadened to “perform many other types of attacks against individuals and mobile operators such as fraud, scam calls, information leakage, denial of service and espionage.” The only positive thing about this attack is that it relies on older technology that in theory should be phased out. But until the S@T technology is completely removed from all SIM cards, Simjacker remains a threat. And as AdaptiveMobile Security’s chief technology officer Cathal Mc Daid said, “Now that this vulnerability has been revealed, we fully expect the exploit authors and other malicious actors will try to evolve these attacks into other areas.”

The GSM Association trade body says that it has been made aware of Simjacker and says that it has worked with the researchers and the mobile industry to learn which SIM cards are affected, and how the malicious messages being sent can be blocked.