SimJacker, there is also Italy among the 29 vulnerable countries


AdaptiveMobile, the company that first discovered the SimJacker vulnerability that exposes millions of SIMs worldwide, has published the list of 29 countries where SIMs exposed to risk are in use. Unfortunately there is also Italy.

Remember SimJacker, the vulnerability we told you about a month ago, that allows attackers to remotely obtain total control of the SIM and, with it, of the smartphone? The AdaptiveMobile researchers, who first discovered and reported the problem, now have published the complete list of countries where mobile operators use vulnerable SIM cards and unfortunately it is Italy is also present. However, the company has not appointed any operators at risk, nation by country.

“From our analysis we were able to identify 61 mobile operators (excluding MVNOs) in the 29 countries that use this technology. Based on public information relating to the cumulative number of subscribers of operators using the S @ T browser, we reach approximately 861 million mobile connections (SIM cards). Not all SIM cards of the operators can use this technology. By consulting some operators in the LATAM region (Latin America) we have been informed that the majority of SIM Cards (over 90%) in their network are affected by the flaw, "reads the technical paper.

The complete list of 29 countries is as follows:

central America

  • Mexico
  • Guatemala
  • belize
  • Dominican Republic
  • El Salvador
  • Honduras
  • Panama
  • Nicaragua
  • Costa Rica

South America

  • Brazil
  • Peru
  • Colombia
  • ecuador
  • Chile
  • Argentine
  • Uruguay
  • paraguay


  • Ivory Coast
  • Ghana
  • benin
  • Nigeria
  • Cameroon



  • Saudi Arabia
  • Iraq
  • Lebanon
  • Palestine

For those who don't remember it, SimJacker uses S @ T Browser, an application installed on different types of SIM and eSIM cards, as part of the SIM ToolKit (STK), and normally used by operators to start specific actions on the SIM card in a "silent" manner, for example to activate value-added services or disable them others, simply by sending an SMS to the desired SIM.

Precisely by taking advantage of this feature, any attackers can take total control of the smartphone without the user becoming aware of anything, collecting data on the location, retrieving the IMEI, sending messages to contacts on behalf of the victims, performing scams by calling high-ranking numbers , spying on users by making environmental interceptions, forcing the browser to go to malicious sites in order to spread malware, or disable the SIM, perform DDoS attacks and even withdraw files from the smartphone's memory.

The situation fortunately improves by analyzing instead the other attack recently discovered, WIBattack, which conceptually works in the same way as SimJacker but which uses another service (Wireless Internet Browser) to get control of the device. In fact, according to the data held by AdaptiveMobile, only 8 operators in 7 countries would use SIMs vulnerable to this attack. In this case also Italy does not exist and the nations involved are located in Eastern Europe, Central America, Asia and West Africa.

Source link


Please enter your comment!
Please enter your name here