Conversational modules
Programmable Channels
Platform functionality
Business segments
Industry verticals
Department
Our services
Solutions for telecoms
The Infobip advantage for telcos
See why leading telecoms around the world choose Infobip to transform their network
Telecom CPaaS partnerships
Create new B2B revenue streams with our omnichannel communications platform
Telecom core & security
Anam Protect Firewall
Secure your network from SMS and Voice fraud with our firewall that protects 120+ operators
SMS Firewall
Ensure all A2P SMS traffic is properly charged and eliminate revenue leakage with our SMS Firewall
Community & Resources
Knowledge hub
Title
What is simjacker?
Simjacker is a type of SMS fraud that exploits a vulnerability present in certain older SIM cards still used in some regions that enables them to be taken over and controlled by third parties.
First identified in 2019, SimJacker is reportedly a threat in 29 countries, particularly in central and south America including Mexico, Colombia and Peru, with up to a billion SIM cards potentially affected.
As the attack is via the SIM card, it is device agnostic with no particular model of phone more or less vulnerable.
How do Simjacker attacks work?
SimJacker is a threat to SIM cards that contain a certain library which make them susceptible without having to be physically in the hands of hackers.
Phones are initially ‘hijacked’ when they are sent a specially formatted text message which includes a set of commands which either harvest information from the phone for transmission back to the hackers, or instruct the phone to take certain actions.
These can include:
- Send messages from the victim’s phone, for example to ask friends and family for money
- Dial high-cost premium rate numbers from the phone to steal money from the victim
- Spread malware by sending instructions to the phone to download them from a specified website
- Track the phone’s location and potentially identify when the owner is away from home
In most cases this takes place silently with no indication to the victim until it is too late.
How to avoid a Simjacker attack?
For mobile phone subscribers there is no way of preventing an attack if the SIM card in their phone is vulnerable.
The responsibility for prevention lies with telco operators in affected regions who need to update their SIM technology and working practices to close down the vulnerability.