For representational purposes 
Hyderabad

Cybersecurity experts raise alarm over new SIM jacking threat

The vulnerability has to be addressed by mobile phone manufacturers and telecom service providers, he said.

Aihik Sur

HYDERABAD: A new kind of hacking threat targeting SIM cards of smart phones is on the rise. Cybersecurity officials say there is still no method to detect this threat, and that there could be millions of phones affected by it, unknowingly.

The attack called ‘Simjacker’, discovered by UK-based Adaptive Mobile Security (AMS), happens when a spyware code is sent to a mobile phone which then hacks the SIM card, and ‘takes over’ the mobile phone.
Explaining the vulnerability to Express, Global Cyber Security Forum’s chairman Sai Krishna said, “With this attack, anybody can get into anyone’s mobile, read messages, listen to the conversation and track real-time locations.”

Krishna added, “This attack happens, as there is a vulnerability in the SIM application Tool Kit (STK), which hackers exploit, by sending malicious code to it.

The problem becomes serious as STK software either comes embedded with the phone or from the telecom provider.”  

For the uninitiated, the STK software is found in smartphones, and it is used to initiate actions which can be used for various value-added services like subscribing to caller tunes and so on.

Unlike Google Play or iStore apps over which a user has controls, the STK software comes pre-installed, and users do not have control over it.

“If one downloads a malicious app from Google Play, antivirus software can detect it. However, as for STKs, there is no mechanism present in the public sphere to detect the threat. So, if someone hacks your device, there is no technology to detect it,” Krishna said.

The vulnerability has to be addressed by mobile phone manufacturers and telecom service providers, he said.

“Both the manufacturers and the service providers need to ensure that this vulnerability is patched,” added he. On October 3, AMS is going to disclose the full scope of this threat in a conference in the UK.
However, prior to that, AMS in a blogpost set the alarm bells ringing with this teaser: “We are quite confident that this exploit has been developed by a specific private company that works with the government to monitor individuals.”

Follow The New Indian Express channel on WhatsApp 

Download the TNIE app to stay with us and follow the latest

Add TNIE As A Trusted Source

Also Read

NDA just 17 seats short of two-thirds majority in Rajya Sabha after AAP defection

Justice will prevail over politics of threat: Congress backs Khera as HC denies protection from arrest

K Kavitha launches new party 'Telangana Rashtra Sena' after exit from BRS

US pushes for direct talks in Islamabad as Iran demands indirect mediation

US rules out extending waivers for Russian and Iranian oil

SCROLL FOR NEXT