Cybersecurity researchers today revealed the existence of a new and previously undetected critical vulnerability in SIM cards that could allow remote attackers to compromise targeted mobile phones and spy on victims just by sending an SMS.
Dubbed "SimJacker," the vulnerability resides in a particular piece of software, called the S@T Browser (a
dynamic SIM toolkit), embedded on most SIM cards that is widely being
used by mobile operators in at least 30 countries and can be exploited
regardless of which handsets victims are using.
A specific private company that works with governments is actively
exploiting the SimJacker vulnerability from at least the last two years
to conduct targeted surveillance on mobile phone users across several
S@T Browser, short for SIMalliance
Toolbox Browser, is an application that comes installed on a variety of
SIM cards, including eSIM, as part of SIM Tool Kit (STK) and has been
designed to let mobile carriers provide some basic services,
subscriptions, and value-added services over-the-air to their customers.
you can read the full article