Security Experts:

Connect with us

Hi, what are you looking for?


Mobile & Wireless

Majority of Simjacker Attacks Aimed at Mobile Phones in Mexico

Researchers believe hundreds of millions of SIM cards may be vulnerable to Simjacker attacks after determining that the targeted technology, despite being very old, is still used by at least 61 mobile operators across 29 countries.

Researchers believe hundreds of millions of SIM cards may be vulnerable to Simjacker attacks after determining that the targeted technology, despite being very old, is still used by at least 61 mobile operators across 29 countries.

AdaptiveMobile Security, a firm that specializes in cyber telecoms security, last month warned of a new SIM card attack method dubbed Simjacker. Simjacker involves sending specially crafted SMS messages to the targeted phone and it can be used to instruct the device to play a tone, send text messages, make phone calls, provide system information, launch a web browser, provide geographical information, and exfiltrate data.

An attacker can use Simjacker to track a user’s location, send SMS messages or make calls on the victim’s behalf, spy on users, deliver malware by opening malicious websites, and cause a denial-of-service (DoS) condition on the phone.

The Simjacker attack presented by AdaptiveMobile Security leverages a piece of legacy software still present on many SIM cards, the [email protected] Browser. The [email protected] Browser processes special SIM Toolkit (STK) instructions contained in SMS messages.

Despite not being updated since 2009, [email protected] Browser is still deployed by a significant number of mobile operators around the world. Tests conducted by AdaptiveMobile showed that the technology is present on SIM cards provided by at least 61 companies across 29 countries.

Affected regions and countries include most of South and Central America, Mexico, a small part of West Africa, Italy, Bulgaria, and the Middle East. While it’s difficult to determine exactly how many SIM cards are vulnerable to attacks, AdaptiveMobile estimates “mid to high hundreds of millions”. On the other hand, the company has pointed out that some operators may have deployed protections against these types of attacks on the network side and it’s possible that not all of their SIMs have [email protected] Browser.

Countries vulnerable to Simjacker attacks

AdaptiveSecurity says it has seen Simjacker attacks being launched in the past two years, likely by a surveillance company that offers its monitoring services to governments. A majority of the attacks were aimed at individuals in Mexico, with some exploitation attempts observed in Colombia and Peru.

The same threat actor has been known to launch attacks exploiting weaknesses in the SS7 international telecommunications standard.

“The complexity of the attacks, and the fact that it has access to multiple sources, means that it is in use by a complex, advanced entity with a wide range of skills, experience and resources. This matches the specific SS7 threat actor, who in our experience operate one of the biggest and most active SS7 attack ‘platform’ that we have observed in the world,” AdaptiveMobile said in a research paper.

The company noted, “We have more specific information on which surveillance company it could potentially be, but unfortunately, we are not able to reveal this information. To do so would reveal specific methods and information which would damage our ability to detect and block these attacks globally.”

Researchers from Ginno Security Lab recently disclosed another variant of the Simjacker attack, one involving the Wireless Internet Browser (WIB), which SmartTrust created for SIM toolkit browsing.

This method is similar to the [email protected] Browser attack — it allows the attacker to conduct the same type of activities and it’s also stealthy — but it’s more difficult to carry out.

However, data collected by AdaptiveMobile shows that WIB with no security mechanisms is only used by 8 operators across 7 countries in Eastern Europe, Asia, Central America and West Africa. Nevertheless, a few hundred million SIM cards may still be impacted. AdaptiveMobile says it’s not aware of any attacks targeting WIB.

Related: Many Vulnerabilities Found in Oracle’s Java Card Technology

Related: Stolen SIM Card Keys Could be Powerful Spy Tool

Related: Critical Flaw Exposes Mobile Devices, Networks to Attacks

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Expert Insights

Related Content

IoT Security

Lexmark warns of a remote code execution (RCE) vulnerability impacting over 120 printer models, for which PoC code has been published.

Cloud Security

VMware vRealize Log Insight vulnerability allows an unauthenticated attacker to take full control of a target system.

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.

Email Security

Microsoft is urging customers to install the latest Exchange Server updates and harden their environments to prevent malicious attacks.

Mobile & Wireless

Technical details published for an Arm Mali GPU flaw leading to arbitrary kernel code execution and root on Pixel 6.


Security researchers have observed an uptick in attacks targeting CVE-2021-35394, an RCE vulnerability in Realtek Jungle SDK.


Google has awarded more than $25,000 to the researchers who reported the vulnerabilities patched with the release of the latest Chrome update.

Mobile & Wireless

Apple’s iOS 12.5.7 update patches CVE-2022-42856, an actively exploited vulnerability, in old iPhones and iPads.