AdaptiveMobile, the company that first discovered the SimJacker vulnerability, which exposes millions of SIMs worldwide, has published the list of 29 countries where at-risk SIMs are in use. Unfortunately, Italy is among them.
“From our analysis we were able to identify 61 mobile operators (excluding MVNOs) in the 29 countries that use this technology. Based on public information relating to the cumulative number of subscribers of operators using the S@T Browser, we reach approximately 861 million mobile connections (SIM cards). Not all SIM cards of the operators can use this technology. By consulting some operators in the LATAM region (Latin America) we have been informed that the majority of SIM cards (over 90%) in their network are affected by the flaw,” reads the technical paper.
The complete list of 29 countries is as follows:
- Dominican Republic
- El Salvador
- Costa Rica
- Ivory Coast
- Saudi Arabia
For those who don't remember it, SimJacker uses the S@T Browser, an application installed on different types of SIM and eSIM cards as part of the SIM Toolkit (STK). Operators normally use it to trigger specific actions on the SIM card "silently", for example to activate some value-added services or disable others, simply by sending an SMS to the desired SIM.
By taking advantage of precisely this feature, an attacker can take total control of the smartphone without the user noticing anything: collecting location data, retrieving the IMEI, sending messages to contacts on the victim's behalf, carrying out scams by calling premium-rate numbers, spying on users by eavesdropping on their surroundings, forcing the browser to open malicious sites in order to spread malware, disabling the SIM, performing DDoS attacks and even retrieving files from the smartphone's memory.
Fortunately, the situation looks better for the other recently discovered attack, WIBattack, which conceptually works in the same way as SimJacker but uses another service (the Wireless Internet Browser) to gain control of the device. According to the data held by AdaptiveMobile, only 8 operators in 7 countries use SIMs vulnerable to this attack. In this case Italy is not on the list, and the nations involved are located in Eastern Europe, Central America, Asia and West Africa.