Leo Laporte and IT security analyst and former Apple and Atari software engineer Steve Gibson are the hosts to a podcast/YouTube series on cybersecurity in which they brilliantly addressed SIM Jacking attacks in episode 732.
“It is a new SIM card flaw,” stated Gibson. “This is discovered being actively exploited in the wild, which allows attackers to hijack ANY PHONE just by sending it an SMS message.”
According to Gibson, the previously undetected flaws were being consistently exploited by a private enterprise that works with the government to monitor individuals. This type of attack is a huge leap compared to historical attacks on SIM cards in the past. The way the attacks work is that the sender sends an “SMS containing a specific spyware-like code” to a mobile device of the recipient. The code teaches the SIM card to send information constantly to the attackers without the consent or awareness of the owner of the targeted phone. It also continues to perform attacks against other individuals, such as using the SIM for “scam calls, fraud, information linkage, denial of service and espionage”. Adaptive Mobile Security threat intelligence analysts suggest that over “a billion” mobile phone users are open to attacks.
Engadget reports that the attackers would be able to get the “updates without giving away their activity”. The attack was used toward many types of devices such as iPhones, Androids and other Internet of things devices with SIM mounted into it. The private surveillance company stated that this type of intrusion has been used more than 30 countries for more than two years. Furthermore, there are cases where a majority of people have been targeted multiple times. Shockingly, the highest number of times a device was penetrated was 250.
In brief, most of the mobile phones around the world would be vulnerable with this type of attack, and the attackers would be able to obtain much valuable information with minimal effort.