Imagine the shock of finding out that your phone was hacked, only to discover that you were compromised due to a flaw that came with the software you just downloaded. That’s just one of many reasons why zero-day exploits are such a scary thing to behold.
They’re so dangerous, in fact, that many companies employ top-notch cybersecurity teams to track down, identify, and patch zero-day flaws before hackers even have a chance to exploit them. But what happens when researchers find a security flaw in a feature that’s part of nearly every major smartphone on the planet? That’s when you sound the alarm, of course.
Now, a critical exploit has been found inside an outdated feature built into the majority of smartphones in the world. With this flaw, hackers could easily access your private location data and use it to see where you’re going and when! Here’s what you need to know, and what it means for the future of mobile security.
Simjacker flaw found in most phones on the planet
Cybersecurity researchers from Ireland-based firm AdaptiveMobile Security have announced the discovery of a critical security flaw found in the majority of mobile phones using SIM card technology. This flaw, dubbed “Simjacker,” allows hackers to access a victim’s phone via a malicious text message that directly attacks the SIM card of a device upon opening.
Once installed, the malware harnesses an outdated function found on affected phones called the SIM Application Toolkit (STK), which was initially intended to allow SIM cards to access the internet directly in order to get data and activation instructions from carriers.
Hackers, however, can utilize this service to broadcast location data directly and device identifiers to a central source, which then can give them a clear picture of the victim’s precise geographic coordinates.
Has anyone been affected yet?
According to AdaptiveMobile, unlike some previous security flaws found in the wild, an unknown spyware firm has actually utilized the bug in order to track VIPs and political figures. Although scant on details, they allege that nation-state intelligence and police agencies are likely involved — further blurring the line between cybercrime and espionage.
Thankfully, the fact that the attackers are focusing on important people rather than ordinary folks like us should be somewhat comforting, but the fact that such a massive bug is floating out there is disconcerting, to say the least.
AdaptiveMobile is reportedly in contact with several major telecom companies in order to figure out a solution, and they plan on revealing more details on their Simjack discoveries at the upcoming Virus Bulletin conference in London this October.
Is there anything I can do to protect myself?
As of right now, there isn’t anything that can be done to alter a fundamental design flaw inherent to SIM-based smartphones. If any firmware patches are to be released, it will likely be in cooperation with device manufacturers and mobile phone companies. As of yet, no such plans have been announced.
What you can do, however, is make sure not to open up any mysterious text messages from unknown senders. This is the primary vector of attack, so if a malicious message stays unread and deleted, your phone will remain safe from harm.
There really isn’t any reason to open anything from an unknown sender these days, is there?