At least one billion people are at risk.
To loot cybercriminals using Simjacker just use the device with an active SIM card. Just enough. The hacker is able to retrieve the phone's IMEI number using a specially crafted binary SMS. Thanks to this, without any involvement on the part of the injured person, the criminal can remotely access text messages, call remotely from a given number to premium numbers or track the user's actions.
AdaptiveMobile Security reports that the method allows abuse in the interface used by mobile operators. It is with its help that we are able to check, among others minute account balance or data packet consumption. By communicating with the SIM card, a hacker can send commands to it, bypassing the smartphone's system security system. According to experts, the exploit was created by a private company working on behalf of the government of one of the countries to monitor citizens.
It is currently impossible to effectively defend against the Simjacker method. Selected US telecommunications companies are already underestimating the problem by saying that the SIM cards of selected operators are resistant to this attack method. However, Ars Technica reports that there are already several thousand people worldwide who have been victims of the exploit.
At the moment we know so much that potentially about 1 billion users are at risk smartphones in "at least 30 countries in the world". Details will be announced on November 3 at the Virus Bulletin conference in London.
Source: AdaptiveMobile Security