What exactly is Simjacker?
It is a kind of software exploit which helps track down the mobile location of users of mobile networks through malicious SMS messages. This vulnerability is said to be found in 30 countries (unnamed), whose total population exceeds one billion
how the Simjacker works:
Although Simjacker is quite an intricately-executed exploit, I’ll try to give you a simple overview of how it claims its victims. First of all, the perpetrator sends an SMS “attack message” to a victim which contains instructions to the SIM card.
These instructions utilize a specific piece of software called the [email protected] Browser that’s in every SIM card. From there the [email protected] Browser can communicate with the target smartphone to return information to the attacker. This information from the target phone is then relayed back to the malicious party in the form of another SMS message.
During the attack, the user is completely unaware that they received the attack, that information was retrieved, and that it was successfully exfiltrated,” researchers explain.
The location information of thousands of devices was obtained over time without the knowledge or consent of the targeted mobile phone users. However the Simjacker attack can, and has been extended further to perform additional types of attacks