Vulnerability
iOS
Android
Threat Guidances
September 20, 2019

SimJacker

Lookout Recommendation for Admins

The responsibility for protecting against a SIM-based attack relies on the mobile operators. This is a classic attack against carrier infrastructure, Lookout protections focus on threats from mobile phishing, mobile applications and device risks. This is a highly targeted attack to gather the target’s location data, and research shows only an attack on the SIM itself rather than at the device OS level or above. Carrying out this attack requires the attacker to be very knowledgeable about the SIM card stack and carrier infrastructure.

Overview

AdaptiveMobile Security, a telecom network security provider, uncovered a new and previously undetected vulnerability within SIM cards called Simjacker. According to researchers, this exploit was developed by a private company, but is apparently being leveraged by a government entity to monitor specific individuals. At the time of this document’s creation, Simjacker is now being called into question as outside researchers believe it to be limited in reach due to its reliance on legacy technology.

How Does it Work?

The primary exploit involves a specially crafted SMS message sent to the target device which tells the target device to send certain data location and device identifiers such as the IMEI to another attacker controlled mobile phone. The user is completely unaware of the attack and that information was accessed and exfiltrated. The primary data exfiltrated is the target’s general location, specifically cellular location data.

This attack is OS-agnostic, meaning it can target both iOS and Android devices. With it, attackers can potentially open a web browser, which researchers believe would likely rely on the S@T browser software as an execution environment, which they’ve seen being used by mobile operators in over 30 countries.

Authors

Lookout

Cloud & Endpoint Security

Lookout, Inc. is the data-centric cloud security company that uses a defense-in-depth strategy to address the different stages of a modern cybersecurity attack. Data is at the core of every organization, and our approach to cybersecurity is designed to protect that data within today’s evolving threat landscape no matter where or how it moves.

Threat Type
Vulnerability
Platform(s) Affected
iOS
Platform(s) Affected
Android
Entry Type
Threat Guidances
Platform(s) Affected
Vulnerability
iOS
Android
Threat Guidances

Related Content

Lookout Attributes Two Android Spyware Families to Uzbekistan Intelligence

Researchers at the Lookout Threat Lab have discovered two Android surveillance families dubbed BoneSpy and PlainGnome attributed to Uzbekistan's State Security Service

Read Threat Article

CVE-2025-24201 on iOS

CISA recently provided guidance for CVE-2025-24201, an out-of-bounds write issue in WebKit. There has been evidence of active exploitation of this CVE.

Read Threat Article

Lookout Discovers New Spyware by North Korean APT37

Lookout researchers have discovered a novel Android surveillance tool dubbed KoSpy. It is attributed to APT 37 aka ScarCruft.

Read Threat Article

Stop Cyberattacks Before They Start With Industry-Leading Threat Intelligence.

Schedule Demo
HeaderHeaderHeaderHeader
CellCellCellCell
CellCellCellCell
CellCellCellCell
CellCellCellCell