
Simjacker: SIM card flaw lets hackers hijack any phone by sending SMS - ohashi
https://simjacker.com
======
aroch
This is for the exploit release is probably more helpful:
[https://news.ycombinator.com/item?id=20951578](https://news.ycombinator.com/item?id=20951578)

~~~
dang
Ah, that's the same submission, which makes this one a dupe. Thanks!

~~~
ohashi
I tried to search for it beforehand and didn't find anything.

~~~
dang
Not to worry. That happens sometimes.

------
9HZZRfNlpR
Does anyone have additional information or leads about the private company
they suspect being behind it?

~~~
atdt
Five bucks says it's an Israeli company. The IDF's Unit 8200 is basically a Y
Combinator for spyware start-ups at this point.

------
java-man
Previous [lack of] discussion:

[https://news.ycombinator.com/item?id=20959313](https://news.ycombinator.com/item?id=20959313)

------
tzs
It looks like most phones on US carriers are safe from this.

According to T-Mobile and Sprint, their SIMs do not contain the S@T Browser.
AT&T says the same for their US SIMs. Verizon doesn't seem to have issued a
definitive statement, but say that they believe their SIMs are not affected.
See [1], [2].

[1] [https://arstechnica.com/information-
technology/2019/09/hacke...](https://arstechnica.com/information-
technology/2019/09/hackers-are-exploiting-a-platform-agnostic-flaw-to-track-
mobile-phone-locations/)

[2] [https://www.pcmag.com/news/370736/sim-card-flaw-poses-
spying...](https://www.pcmag.com/news/370736/sim-card-flaw-poses-spying-
threat-but-us-users-appear-to-be)

------
TwoBit
This article is effectively claiming that SIM card hardware has a back door
built in.

~~~
gaspoweredcat
i believe it is and it may well be right for the most part although likely
with a caveat or two, id wager it cant do much else than report certain info
back and it would rely on the sms app having location data permissions
(admittedly most will have agreed to this)

ive been hearing rumours of something like this coming out of russia where its
referred to as "pelengator" (searching will reveal little other than a vehicle
tracking app, ive heard about it from various gsm forums and chats etc but
wasnt convinced it was real)

------
derefr
Does this affect Apple's eSIMs?

------
dang
Url changed from [https://thehackernews.com/2019/09/simjacker-mobile-
hacking.h...](https://thehackernews.com/2019/09/simjacker-mobile-
hacking.html), which points to this.

------
test99
This is scary attack.

------
jlv2
But they've got an awesome animated logo, so it must be serious.

