Researchers discovered a security flaw new contact card (SIM), the researchers said: the more than one million smart phone may be compromised due to exploitation by malicious actors of this cell in the current time.
Found researchers at the company AdaptiveMobile Security bug a security card contacting the portable allows (Simjacker), and use the back to track the user’s location, intercept calls, and by sending short message (SMS) to the smartphone of the victim.
Issued researchers blog exposed of their vulnerability, they explained that the glitch (Simjacker) has been exploited already by a private company for the past two years.
The company said: this vulnerability is now being used actively by a company, a particular working with governments to monitor individuals, and (Simjacker) and The Associated exploitation of the enormous leap in complexity and sophistication compared to the attacks that have been seen previously across the network core portable.
She said, “involves an attack (Simjacker) the main message short text containing a specific type of code similar to spyware, which is sent to the mobile phone, which give the instructions for the card contact inside the phone to control the device to execute commands sensitive”.
And use the glitch (Simjacker) to launch attacks against the individuals and communications, including fraud, unwanted calls, and training information, denial of Service and trade.
Given that the vulnerability linked to the technology embedded in the card contacts (SIM) and not for a specific device, it is likely to affect every smart phone uses a calling card, regardless of manufacturer or model.
The migration Wizard technology integrated into contact cards allow ([email protected] Browser) or (SIMalliance Toolbox Browser), which has been updated last time in 2009.
It uses the mobile operators in 30 countries at least, a technical ([email protected] Browser), which displays up to a million people at risk are using Apple devices; the Huawei; for Motorola; for Samsung; and Google.
Although the technology is generally used to navigate through the calling card, but it can also be used in a number of functions, such as opening a browser; and library services; and the formation of a ring tone, and much more.
Once you use (Simjacker) open a browser a smartphone, it is possible to redirect the target device to open malicious sites known to infect the device with malware.
Did not identify company AdaptiveMobile Security Group that was using a bug (Simjacker), but she said: We can say with a high degree of certainty, the source is the company control great professional, with the capabilities of the highly sophisticated in both the signal and the phones.
Researchers gave details about this exploitation to the Union operators and the Mobile Association (GSMA), and they continue the investigation into how the attacks while searching for other forms of exploitation (Simjacker).
And AdaptiveMobile: the telecom companies affected can stop the attacks by analyzing suspicious messages that contain orders ([email protected] Browser) and prohibition.