Cybersecurity researchers have revealed a new vulnerability which is critical and dangerous. According to the latest finding of the research group the vulnerability exists in SIM cards. This SIM card vulnerability can allow any threat remote attacker to access mobile phones numbers and then use the victim’s cell phone number to get details of his credential data just by sending an SMS. This SIM card vulnerability is popularly dubbed as SimJacker which resides in particular software known as [email protected] Browser (a dynamic SIM toolkit) which is inbuilt in most of the SIM cards. Which makes the SimJacker threat a more nefarious and alarming is that the SIM cards which have the [email protected] software inbuilt onto it are that these SIM cards are used in at at least 30 countries? All the mobile subscribers are under the threat of getting scammed and can have their vital data and information stolen. What is more worrisome is that a private company having tie-ups with the government is using the crucial SimJacker vulnerability to target citizen for two years. The company is conducting targeted surveillance on the citizen by exploiting this vulnerability.
Image Source: www.helpnetsecurity.com
[email protected] Browser which stands for SIMalliance Toolbox Browser is a software application which is inbuilt on a variety of SIM cards, including eSIM which is a part of SIMTool Kit (STK). Basic services, subscription, and value-added services are provided by [email protected] software. Since [email protected] Browser contains a series of STK instructions—such as send a short message, setup call, launch browser, provide local data, run a command, and send data—that can be triggered just by sending an SMS to a device. According to the researchers, all manufacturers and mobile phone models are vulnerable to the SimJacker attack. As the vulnerability exploits a technology embedded on SIM cards.
Image Source: www.hackread.com
Source: The Hacker News
Disclaimer: Darkweblink.com does not promote or endorse claims that have been made by any parties in this article. The information provided here is for the general purpose only and unintended to promote or support purchasing and/or selling of any products and services or serve as a recommendation in the involvement of doing so. Neither Darkweblink.com nor any member is responsible directly or indirectly for any loss or damage caused or alleged to be caused by or in relation with the reliance on or usage of any content, goods or services mentioned in this article.