LEARN CYBER SECURITY

SIM Jacking attacks on the rise

 

What is SIM Jacking?

SIM Jacking is when someone impersonates you to your cellular provider in order to steal your cell phone number. The individual (or individuals) who SIM Jacked you could be your next-door neighbor, but more likely they are halfway across the world, operating like a heat-seeking missile in search of unprotected assets.

If you are unaware, the name "SimJacker" has been given to a class of vulnerabilities that exists because of a lack of authentication and the proprietary security mechanisms implemented by dynamic SIM toolkits that come embedded in modern SIM cards.

Out of many, two such widely used SIM toolkits — S@T Browser technology and Wireless Internet Browser (WIB) — have so far been found vulnerable to SimJacker attacks, details of which we have provided in our previous articles published last month.

1. List of Affected Countries

Though the researchers did not name the affected mobile operators to prevent attackers from taking advantage of the disclosed vulnerability, they did reveal the names of countries where the vulnerable SIMs are still in use.



According to the report, the list includes 29 affected countries across five continents, where customers of a total of 61 mobile operators are actively using vulnerable SIMs with the S@T Browser toolkit:


  • North America: Mexico, Guatemala, Honduras, Costa Rica, Nicaragua, Belize, El Salvador, Dominican Republic, and Panama.
  • South America: Peru, Colombia, Brazil, Ecuador, Chile, Argentina, Uruguay, and Paraguay.
  • Africa: Nigeria, Ghana, Benin, Ivory Coast, and Cameroon.
  • Europe: Italy, Bulgaria, and Cyprus.
  • Asia: Saudi Arabia, Iraq, Palestine, and Lebanon.

"The most probable, conservative estimate is that mid to high hundreds of millions of SIM Cards globally are affected," the researchers said.


On the other hand, only 8 mobile operators in 7 countries are actively using the vulnerable WIB toolkit on their SIM cards. These countries are spread across Eastern Europe, Central America, Asia, and West Africa.

2. How to Protect Yourself from SimJacker Attacks


Unfortunately, there is no simple way for mobile subscribers to know whether a vulnerable SIM browser toolkit is deployed on their SIM card or not.
 
There are apps available, like SnoopSnitch, that you can download from the Google Play Store to detect attacks based on suspicious binary SMS, but they require your Android device to be rooted, and even knowing that won't help you much.

That's because, as a potential victim, there's very little you can do to protect yourself, except wait for your mobile operator to implement security measures or simply migrate your phone number to a different, safe network, if available, which will provide you with a new SIM card.

Meanwhile, the GSM Association (GSMA), a trade body that represents the interests of mobile operators worldwide, has provided some of the best ways to prevent and block these attacks to protect billions of mobile phone users worldwide.

In addition, the SIMalliance has made some updates to its S@T Browser specifications to improve the security of the SIM toolkits, and has provided recommendations for SIM card manufacturers to implement security for S@T push messages.
