#1 Trusted Cybersecurity News Platform
Followed by 5.20+ million
The Hacker News Logo
Subscribe – Get Latest News

mobile phone hacking | Breaking Cybersecurity News | The Hacker News

Category — mobile phone hacking
SIM Cards in 29 Countries Vulnerable to Remote Simjacker Attacks

SIM Cards in 29 Countries Vulnerable to Remote Simjacker Attacks

Oct 12, 2019
Until now, I'm sure you all might have heard of the SimJacker vulnerability disclosed exactly a month ago that affects a wide range of SIM cards and can remotely be exploited to hack into any mobile phone just by sending a specially crafted binary SMS. If you are unaware, the name "SimJacker" has been given to a class of vulnerabilities that resides due to a lack of authentication and proprietary security mechanisms implemented by dynamic SIM toolkits that come embedded in modern SIM cards. Out of many, two such widely used SIM toolkits — S@T Browser technology and Wireless Internet Browser (WIB) — have yet been found vulnerable to SimJacker attacks, details of which we have provided in our previous articles published last month. At that time, a few experts in the telecom industry confirmed The Hacker News that the SimJacker related weaknesses were internally known to many for years, and even researchers also revealed that an unnamed surveillance company has been ...
More SIM Cards Vulnerable to Simjacker Attack Than Previously Disclosed

More SIM Cards Vulnerable to Simjacker Attack Than Previously Disclosed

Sep 27, 2019
Remember the Simjacker vulnerability? Earlier this month, we reported about a critical unpatched weakness in a wide range of SIM cards, which an unnamed surveillance company has actively been exploiting in the wild to remotely compromise targeted mobile phones just by sending a specially crafted SMS to their phone numbers. If you can recall, the Simjacker vulnerability resides in a dynamic SIM toolkit, called the S@T Browser , which comes installed on a variety of SIM cards, including eSIM, provided by mobile operators in at least 30 countries. Now, it turns out that the S@T Browser is not the only dynamic SIM toolkit that contains the Simjacker issue which can be exploited remotely from any part of the world without any authorization—regardless of which handsets or mobile operating systems victims are using. WIB SIM ToolKit Also Leads To SimJacker Attacks Following the Simjacker revelation, Lakatos, a researcher at Ginno Security Lab, reached out to The Hacker News earli...
Want to Grow Vulnerability Management into Exposure Management? Start Here!

Want to Grow Vulnerability Management into Exposure Management? Start Here!

Dec 05, 2024Attack Surface / Exposure Management
Vulnerability Management (VM) has long been a cornerstone of organizational cybersecurity. Nearly as old as the discipline of cybersecurity itself, it aims to help organizations identify and address potential security issues before they become serious problems. Yet, in recent years, the limitations of this approach have become increasingly evident.  At its core, Vulnerability Management processes remain essential for identifying and addressing weaknesses. But as time marches on and attack avenues evolve, this approach is beginning to show its age. In a recent report, How to Grow Vulnerability Management into Exposure Management (Gartner, How to Grow Vulnerability Management Into Exposure Management, 8 November 2024, Mitchell Schneider Et Al.), we believe Gartner® addresses this point precisely and demonstrates how organizations can – and must – shift from a vulnerability-centric strategy to a broader Exposure Management (EM) framework. We feel it's more than a worthwhile read an...
New SIM Card Flaw Lets Hackers Hijack Any Phone Just By Sending SMS

New SIM Card Flaw Lets Hackers Hijack Any Phone Just By Sending SMS

Sep 12, 2019
Cybersecurity researchers today revealed the existence of a new and previously undetected critical vulnerability in SIM cards that could allow remote attackers to compromise targeted mobile phones and spy on victims just by sending an SMS. Dubbed " SimJacker ," the vulnerability resides in a particular piece of software, called the S@T Browser (a dynamic SIM toolkit), embedded on most SIM cards that is widely being used by mobile operators in at least 30 countries and can be exploited regardless of which handsets victims are using. What's worrisome? A specific private company that works with governments is actively exploiting the SimJacker vulnerability from at least the last two years to conduct targeted surveillance on mobile phone users across several countries. S@T Browser , short for SIMalliance Toolbox Browser, is an application that comes installed on a variety of SIM cards, including eSIM, as part of SIM Tool Kit (STK) and has been designed to let mobile...
cyber security

Breaking Barriers: Strategies to Unite AppSec and R&D for Success

websiteBackslashApplication Security
Tackle common challenges to make security and innovation work seamlessly.
Twitter temporarily disables 'Tweeting via SMS' after CEO gets hacked

Twitter temporarily disables 'Tweeting via SMS' after CEO gets hacked

Sep 05, 2019
Twitter today finally decided to temporarily disable a feature, called ' Tweeting via SMS ,' after it was abused by a hacking group to compromise Twitter CEO Jack Dorsey last week and sent a series of racist and offensive tweets to Dorsey's followers. Dorsey's Twitter account was compromised last week when a hacker group calling itself "Chuckling Squad" replicated a mobile phone number associated with the CEO account and abused this particular feature to post racist, offensive messages and bomb threats from it via SMS. Replicating a mobile phone number associated with someone else is a technique known as " SIM swapping ," where attackers social engineer a victim's mobile phone provider and trick the telecom company to transfer target's phone number to their own SIM card. Once they social engineered an AT&T employee and gained access to Dorsey's phone number, the Chuckling Squad hackers used the 'Tweeting via SMS' feat...
Unprotected VOIP Server Exposed Millions of SMS Messages, Call Logs

Unprotected VOIP Server Exposed Millions of SMS Messages, Call Logs

Jan 16, 2019
A California-based Voice-Over-IP (VoIP) services provider VOIPO has accidentally left tens of gigabytes of its customer data, containing millions of call logs, SMS/MMS messages, and plaintext internal system credentials, publicly accessible to anyone without authentication. VOIPo is one of a leading providers of Voice-Over-IP (VoIP) services in the United States offering reseller VoIP, Cloud VoIP, and VoIP services to residentials and small businesses. Justin Paine , the head of Trust & Safety at CloudFlare, discovered an open ElasticSearch database last week using the Shodan search engine and notified the VOIPO's CTO, who then promptly secured the database that contains at least 4 years of data on its customers. According to Paine, the database contained 6.7 million call logs dating back to July 2017, 6 million SMS/MMS logs dating back to December 2015, and 1 million logs containing API key for internal systems. While the call logs included timestamp and duration o...
Android Adware abusing permissions, Collecting more than they need

Android Adware abusing permissions, Collecting more than they need

Oct 29, 2012
So you just bought a new Android-based smartphone, what comes next? What else but the most exciting part downloading the right apps to boost its functionality. Android gives you the freedom to personalize your device, which has made it attractive to those who want their smartphones to be as unique as possible " Many apps will ask you to grant them network access so they can download updates. Others seek permission to read your phone's state and identity so calls won't disrupt them from doing what they're doing. Unfortunately, these permissions can be abused for criminal intentions. " Trendmicro  said in report. Before android applications was abusing permissions to access user's personal data, but now new generations of adware targeting Android smartphones are increasingly violating user privacy by grabbing personal information and using it without permission. Adware is software that is used to gather information about the users. This ...
Expert Insights / Articles Videos
Cybersecurity Resources