The Limited Times


Crafted SMS: Attack on SIM cards turns smartphones into tracking beacons

2019-09-13T14:34:29.695Z


Security researchers have discovered a new attack method on SIM cards: a special SMS is enough to send remote commands to devices from Apple, Samsung and many other manufacturers.



The vulnerability lies dormant in many mobile phones and can be activated via SMS: researchers from Ireland have observed attackers sending malicious software to SIM cards in order to spy on users.

With the so-called Simjacker method, smartphones can reportedly be turned into bugs and tracking devices with ease, according to the IT security company AdaptiveMobile Security. The vulnerability affects up to one billion mobile phones worldwide. The affected SIM card technology is used in America, West Africa, Europe and the Middle East.

According to the researchers, a smartphone can, among other things, be forced to send its current location to an attacker. The phone can also be forced to call a number, send a picture message, open a web browser or completely disable the SIM card.

User notices nothing of the attack

The malicious code is sent in a specially formatted SMS to the so-called S@T Browser, software that some manufacturers install on SIM cards even though it has not been updated for ten years and is no longer really needed these days. Earlier attempts to attack the SIM card merely sent links to malware websites, the report said. In the recent attacks, however, the code is delivered directly in the SMS in order to dictate commands to the SIM card.

The malicious code can force the card to send the current location and the IMEI, a unique serial number from which, among other things, the device model can be read. The user does not notice anything, as no SMS appears in the folders for received or sent messages. "During the attack, the user is completely unaware that he received the SMS with a Simjacker attack message," the report said.

The researchers have reportedly observed between 100 and 150 attacks per day in different countries, with spikes of up to 300 attacks on phones per day. Devices from almost all smartphone manufacturers, such as Apple, Samsung, Huawei and Motorola, turned up among the targets. In principle, however, all devices that are operated with SIM cards are said to be vulnerable. These include, for example, some tablets, watches, cameras and laptops.

Network operators in Germany consider themselves prepared

From their observations, the researchers conclude that this is not mass surveillance. The method of attack was designed so that "a large number of people can be monitored for various reasons." It is "fairly certain that this malware was developed by a particular private company that works with governments to monitor individuals."

The researchers recommend that mobile operators filter out incoming S@T Browser commands and block suspicious SMS. It would also be conceivable to do without the S@T Browser technology altogether, but this could make it harder to control the SIM cards.
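
The filtering the researchers recommend could look like this on the operator side. This is an added example, not code from the article or from AdaptiveMobile; the field offsets follow the standard SMS-DELIVER and secured command packet layouts, and the S@T TAR values, function names and verdict names are assumptions.

```python
# Added example: operator-side check of SMS-DELIVER TPDUs (not from the article).
# Assumption: these TARs are the commonly cited S@T Browser references;
# confirm them against your own SIM profiles before relying on the filter.
SAT_TARS = {bytes.fromhex("505348"), bytes.fromhex("534054")}
PID_SIM_DATA_DOWNLOAD = 0x7F  # TP-PID value for (U)SIM data download
IEI_COMMAND_PACKET = 0x70     # UDH element announcing a secured command packet

def parse_deliver(tpdu: bytes) -> dict:
    """Pull TP-PID, UDH element ids and the message body out of an SMS-DELIVER."""
    if len(tpdu) < 13 or tpdu[0] & 0x03:
        raise ValueError("not a complete SMS-DELIVER TPDU")
    pos = 3 + (tpdu[1] + 1) // 2          # skip first octet, OA length, TOA, digits
    if len(tpdu) < pos + 10:
        raise ValueError("truncated TPDU")
    ud = tpdu[pos + 10:]                  # after PID, DCS, 7-octet SCTS, UDL
    ieis, body = [], ud
    if tpdu[0] & 0x40 and ud:             # TP-UDHI: user data starts with a header
        hdr, body = ud[1:1 + ud[0]], ud[1 + ud[0]:]
        i = 0
        while i + 1 < len(hdr):           # walk IEI, IEDL, data triples
            ieis.append(hdr[i])
            i += 2 + hdr[i + 1]
    return {"pid": tpdu[pos], "ieis": ieis, "body": body}

def classify(tpdu: bytes) -> str:
    """Return 'allow', 'review' or 'block' (hypothetical verdict names)."""
    try:
        msg = parse_deliver(tpdu)
    except ValueError:
        return "review"                   # malformed input is never waved through
    is_packet = IEI_COMMAND_PACKET in msg["ieis"]
    if not is_packet and msg["pid"] != PID_SIM_DATA_DOWNLOAD:
        return "allow"                    # ordinary handset-bound message
    # Command packet layout: CPL(2) CHL(1) SPI(2) KIc(1) KID(1) TAR(3) ...
    if is_packet and msg["body"][7:10] in SAT_TARS:
        return "block"
    return "review"                       # SIM-bound, but not addressed to S@T

# Constructed samples: made-up sender number, filler payload.
OA, SCTS = bytes.fromhex("0B915155051000F0"), bytes.fromhex("91903141439200")
def make_sample(first: int, pid: int, dcs: int, ud: bytes) -> bytes:
    return bytes([first]) + OA + bytes([pid, dcs]) + SCTS + bytes([len(ud)]) + ud
def make_packet(tar: str) -> bytes:
    return bytes.fromhex("027000" "000F0D00000000" + tar) + bytes(6) + b"\xaa"

TEXT_SMS = make_sample(0x04, 0x00, 0x00, bytes.fromhex("C834"))
SAT_PUSH = make_sample(0x44, 0x7F, 0xF6, make_packet("505348"))
OTHER_OTA = make_sample(0x44, 0x7F, 0xF6, make_packet("000000"))
```

Messages that land in "review" are SIM-bound but not addressed to the S@T Browser; an operator would typically let them through only when they come from its own OTA platform.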

Mobile service providers in Germany are taking the threat from Simjacker calmly. A Vodafone spokeswoman told SPIEGEL on Friday that the S@T Browser is not used at Vodafone. "Vodafone Germany is not affected by the Simjacker hacker method." This evidently also applies to Telefónica. Its SIM cards were not given the S@T Browser software the attack requires, says a spokeswoman for the network operator. "Customers of Telefónica Deutschland are not affected by these attacks."

Telekom likewise sees no cause for concern. It is in regular contact with the SIM card manufacturers. There is currently no indication that the cards are affected by the vulnerability, a spokesman said.

Source: spiegel
