Skip to main content

BREAKING NEWS. More SIM Cards in Many Countries Are Discovered To Be Vulnerable to Remote Simjacker Attacks. Here is also Explained, How Your Sim Card is Hacked.

If i were you, i would through away the Hate for Reading and i would Read these Articles all because, just imagine that moment Your Sim Card is Hacked, Your Telephone is then Compromised and all Your Calls, SMS, Financial Details and other Crucial Information all become under the Control of Hackers.
Sad.
I inform the uninformed.
Read the Details from https://osutayusuf.blogspot.com and https://ugandan.tk for many more News Stories.
Thanks.
Yours Osuta Yusuf.
Until now, I'm sure you all might have heard of the SimJacker vulnerability disclosed exactly a month ago that affects a wide range of SIM cards and can remotely be exploited to hack into any mobile phone just by sending a specially crafted binary SMS.
If you are unaware, the name "SimJacker" has been given to a class of vulnerabilities that resides due to a lack of authentication and proprietary security mechanisms implemented by dynamic SIM toolkits that come embedded in modern SIM cards.
Out of many, two such widely used SIM toolkits — S@T Browser technology and Wireless Internet Browser (WIB) — have yet been found vulnerable to SimJacker attacks, details of which we have provided in our previous articles published last month.
At that time, a few experts in the telecom industry confirmed The Hacker News that the SimJacker related weaknesses were internally known to many for years, and even researchers also revealed that an unnamed surveillance company has been exploiting the flaw in the wild to spy on its targets.
Cybersecurity researchers at Adaptive Mobile Security have now released a new report, revealing more details about the SimJacker attacks and trying to address some important unanswered questions, like the number of affected operators and countries, along with details on attacks spotted in the wild.
1 - List of Affected Countries
Though the researchers did not name the affected mobile operators to prevent attackers from taking advantage of the disclosed vulnerability, they did reveal the names of countries where the vulnerable SIMs are still in use.
SimJacker vulnerability
According to the report, the list includes 29 affected countries across five continents, where customers of a total of 61 mobile operators are actively using vulnerable SIMs with S@T Browser toolkit:
North America: Mexico, Guatemala, Honduras, Costa Rica, Nicaragua, Belize, El Salvador, Dominican Republic, and Panama.
South America: Peru, Colombia, Brazil, Ecuador, Chile, Argentina, Uruguay, and Paraguay.
Africa: Nigeria, Ghana, Benin, Ivory Coast, and Cameroon.
Europe: Italy, Bulgaria, and Cyprus.
Asia: Saudi Arabia, Iraq, Palestine and Lebanon.
"The most probable, conservative estimate is that mid to high hundreds of millions of SIM Cards globally are affected," the researchers said.
SimJacker vulnerability
On the other hand, there are only 8 mobile operators in 7 countries who are actively using the vulnerable WIB toolkit on their SIM Cards. These countries are spread across Eastern Europe, Central America, Asia, and West Africa.
2- SimJacker Attacks in the Wild
According to the researchers, an unnamed surveillance company—active from at least 2015 and known for targeting users from multiple countries over the SS7 network—has been exploiting the SimJacker vulnerability to gather intelligence on its targets.
It all started when researchers detected unusual and suspicious SMS events in the last quarter of 2018, and when actively monitored, they recorded nearly 25,000 Simjacker messages attempted to be sent to 1500 unique mobile devices in a period of 30 days.
Web Application Firewall
The primary targets were Mexican mobile users, while a small number of attacks were also observed against mobile phone subscribers from Colombia and Peru, with an aim to obtain both location Information and unique IMEI identifiers.
"We believe that prior to the discovery, they would have successfully tracked the location of many thousands of mobile subscribers over months and probably years," the researchers said.
"We also observed the attacker experiment over time with new potential forms of attack using the vulnerability. The number, scale, and sophistication of modifications of the attack are significantly beyond what we have witnessed from any attacker over mobile networks."
SimJacker vulnerability
Researchers observed over 860 Simjacker attack sub-variants in the actual SMS Packet that were sent from at least 70 attacker-controlled mobile numbers.
Besides this, researchers also observed that the attackers were attempting to use dedicated SS7 attacks against some users in case SimJacker attacks failed.
3. How to Prevent Yourself from SimJacker Attacks
Unfortunately, there is no simple way for mobile subscribers to know whether a vulnerable SIM browser toolkit is deployed on their SIM card or not.
Though there are apps available, like SnoopSnitch, that you can download from Google Play Store to detect attacks based on suspicious binary SMS, it requires your Android device to be rooted and even knowing that won't help you much.
That's because, as a potential victim, there's very little you can do to protect yourself, except wait for your mobile operator to implement security measures or simply migrate your phone number to a different safe network, if available, which will provide you with a new SIM card.
Meanwhile, GSM Association (GSMA), a trade body that represents the interests of mobile operators worldwide, has provided some of the best ways to prevent and block these attacks to protect billions of mobile phone users worldwide.
In addition, the SIMalliance has also made some updates to its S@T browser specifications to improve the security of the SIM toolkits, and provided recommendations for SIM card manufacturers to implement security for S@T push messages.


Comments

Popular posts from this blog

We Bring You Brief Series of Sanctions Against Uganda Government Officials.

📸: Gen Abel Kandiho. On 9-December-2021, USA slapped sanctions against the then CMI Commander Gen Abel Kandiho. 📸: Gen Kale Kayihura. On 9-December-2022, UK slapped sanctions against former Police Boss Gen Kale Kayihura. 📸: Commissioner General of Prisons, Johnson Byabashaija. Again on this 4-December-2023, the same USA has slapped sanctions against Uganda Prisons Commander Johnson Byabashaija over alleged torture and human rights abuses in Prisons across Uganda. We ask, has USA and UK made December as an LCM to slap sanctions against high ranking government officials in Uganda even when the sanctions just remain on paper without deeper investigations to ascertain logical conclusions or remedy to that effect ?. #iip_updates  #Information_is_Power  #we_inform_the_uninformed

How to Host a Website for Free From Your PC or Laptop.

Why pay for a web hosting service when your old computer can do the same thing? Learn how to self-host your site. If you're planning to launch a website but don't want to pay recurring monthly or annual hosting fees, you can use any old laptop or desktop PC to host a website for free. It's a great way to utilize your old system instead of throwing it away. In this guide, we will install and set up services on our 10-year-old laptop to host a WordPress, Joomla, or custom HTML or PHP-based website with a free SSL certificate. MAKEUSEOF VIDEO OF THE DAY Things You Will Need to Host a Website Following are the pre-requisites to host a website for free from home with just your computer: An old laptop or PC running Ubuntu Server. A registered domain name for your website Ethernet cable to connect the laptop or PC to router for reliable and fast connection Step 1: Update and Upgrade the Packages After  installing Ubuntu Server on your computer , execute the following c...

WHERE IS MINISTER OF SEX SIMON LOKODO?. (He deserves a battle of soda from me! Ministe`r esalanga mabee. He is quick to run after Mrs Dr Stella Nyanzi and other Opposition elements. Government aza aza edo zuu vaa kpere bua). Anyway, below is the article! POLICE OFFICER AKOL ESTHER CHARGED OF BEING A PUBLIC NUISANCE Naughty Officer Officer who embarrassed police after leaking nude photo charged 13.03.2018 She serves in the 'Very Important Persons Protection Unit'  Akol Esther  (Courtesy) A female police officer whose nude photo surfaced on social media has been charged of being a public nuisance. Akol Esther serves in the Very Important Persons Protection Unit (VIPPU) of the police force. Kampala Metropolitan Police spokesperson Luke Owoyesigire says Akol Esther might be demoted or expelled from the police force if found guilty of circulating nude photos. Police court is yet to announce date when Akol Esther is expected to appear for a hearing. This comes at a time when Pornography Control Committee is taking tough measures against persons circulating pornography content. The committee warned and promised to arrest persons who will circulate pornographic content.

POLICE OFFICER AKOL ESTHER CHARGED OF BEING A PUBLIC NUISANCE Naughty Officer Officer who embarrassed police after leaking nude photo charged 13.03.2018 She serves in the 'Very Important Persons Protection Unit' Akol Esther  (Courtesy) A female police officer whose nude photo surfaced on social media has been charged of being a public nuisance. Akol Esther serves in the Very Important Persons Protection Unit (VIPPU) of the police force. Kampala Metropolitan Police spokesperson Luke Owoyesigire says  Akol Esther might be demoted or expelled from the police force if found guilty of circulating nude photos . Police court is yet to announce date when Akol Esther is expected to appear for a hearing. This comes at a time when Pornography Control Committee is taking tough measures against persons circulating pornography content. The committee warned and promised to arrest persons who will circulate pornographic content.