The Simjacker SMS attack showed how surveillance companies are using binary SMS to gain access to vulnerable SIM Card (UICC) applications on mobile devices for surveillance purposes. However there has been no in-depth follow-up since the research was revealed on what has changed, nor has there been an analysis of other potentially vulnerable UICC applications.

In this paper, we give a recap of the principals of the Simjacker attack and how it works. First, we will go into detail on what binary SMS are and their frequency in mobile networks. We will then outline details of other, previously undiscussed, UICC applications that have characteristics that mean they may also be vulnerable to attacks via UICC-destined binary SMSs, as well as their scale and distribution.

In the second part of this paper we will share new details from our experiences in detecting and blocking UICC-destined SMS attacks that exploit the Simjacker vulnerability – including the impact on the industry and on the attacker of releasing public information. We also cover information on a new attack delivery method used by the Simjacker attacker, as well as the scale of their attacks. This will show how these types of attacks are very much ongoing, and the importance of intelligence in stopping them.

Finally, we will explain what the mobile operator community has done since the release of the original Simjacker research, and what needs to be done in the future.