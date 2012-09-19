More than one billion mobile users are at risk from a SIM card flaw being currently exploited by threat actors, researchers warn.

A vulnerability discovered in mobile SIM cards is being actively exploited to track phone owners’ locations, intercept calls and more – all merely by sending an SMS message to victims, researchers say.

Researchers on Thursday disclosed what they said is a widespread, ongoing exploit of a SIM card-based vulnerability, dubbed “SimJacker.” The glitch has been exploited for the past two years by “a specific private company that works with governments to monitor individuals,” and impacts several mobile operators – with the potential to impact over a billion mobile phone users globally, according to by researchers with AdaptiveMobile Security.

“Simjacker has been further exploited to perform many other types of attacks against individuals and mobile operators such as fraud, scam calls, information leakage, denial of service and espionage,” said researchers with AdaptiveMobile Security in a post breaking down the attack, released Thursday.

They said they “observed the hackers vary their attacks, testing many of these further exploits. In theory, all makes and models of mobile phone are open to attack as the vulnerability is linked to a technology embedded on SIM cards.”

The attack stems from a technology in SIM cards called S@T Browser (short for SIMalliance Toolbox Browser). This technology, which is typically used for browsing through the SIM card, can be used for an array of functions such as opening browsers on the phone as well as other functions like setting up calls, playing ring tones and more.