SIM card
  • Researchers reveal that 61 operators in 29 countries are vulnerable to Simjacker.
  • The company responsible for the development of the exploit hasn’t been named yet.
  • There’s a tool that can help you figure out if you’re vulnerable or not, and that’s all that you can do about it. 

As we reported about a month ago, there’s a new severe SIM card flaw that was discovered by researchers from the Adaptive Mobile Security. According to their initial revelations, the flaw is already under active exploitation by surveillance companies and involves the sending of an SMS to the target which is merely enough to infect them with spyware. Called the “Simjacker”, many researchers have stepped in to dispute the claims of it being so easy, as well as affecting over a billion people. In response to this, Adaptive Mobile has published the list of the 29 countries where local mobile operators give out vulnerable SIM cards.

Without further ado, here is the list:

  • Europe: Italy, Bulgaria, Cyprus
  • South America: Brazil, Peru, Colombia, Ecuador, Chile, Argentina, Uruguay, Paraguay
  • Central America: Mexico, Guatemala, Belize, Dominican Republic, El Salvador, Honduras, Panama, Nicaragua, Costa Rica
  • Asia: Saudi Arabia, Iraq, Lebanon, Palestine
  • Africa: Ivory Coast, Ghana, Benin, Nigeria, Cameroon
SimjackerSATBrowser
Source: Adaptive Mobile Blog

If you live in one of the above countries, it means that you may be vulnerable to silent spyware attacks, but not all operators in these countries are. If you’re getting anxious about this, call your SIM card provider and ask what the security level configuration of the [email protected] Browser app on your SIM card is.

Chances are that they won’t be able to answer this, but you should not freak out immediately. Adaptive Mobile Security has clarified that the only countries they’ve seen the flaw getting exploited are Mexico, Peru, and Colombia. If you want to test your SIM card and see if it’s vulnerable or not for yourself, the researchers have released a special tool for that is called “SIMtester”, which you may download and use for free. Other than figuring out whether or not you’re susceptible to Simjacker, there’s really not much else you can do about it.

SAT_WIB2
Source: Adaptive Mobile Blog

Adaptive Mobile Security is also unveiling another flaw right now, which they call “WIBattack”. This one is based on the WIB app, so it targets SIM cards that use that one instead of the old and deprecated [email protected] Browser. However, the number of affected users is a much smaller one compared to the Simjacker, with only eight operators in seven countries being vulnerable to it. Again, there’s not a lot that you can do about the WIBattack if you are vulnerable.

Are you worried about Simjacker, or do you consider this type of attack to concern only a small group of individuals? Let us know of your opinion in the comments down below, or on our socials, on Facebook and Twitter