Simjacker: Exploiting the SIMalliance Toolbox Browser on Motorola Devices

Simjacker: Exploiting the SIMalliance Toolbox Browser on Motorola Devices

CVE-2019-16257 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Some Motorola devices include the SIMalliance Toolbox Browser (aka S@T Browser) on the UICC, which might allow remote attackers to retrieve location and IMEI information, or retrieve other data or execute certain commands, via SIM Toolkit (STK) instructions in an SMS message, aka Simjacker.

Learn more about our Web Application Penetration Testing UK.