Security researchers have disclosed an SMS-based attack method being abused in the real world by a surveillance vendor to track and monitor individuals.
How it works :Simjacker begins with an attacker using a smartphone, a GSM modem, or any A2P (application-to-person) service to send an SMS message to a victim’s phone number.
These SMS messages contain hidden SIM Toolkit (STK) instructions that are supported by a device’s S@T Browser, an application that resides on the SIM card, rather than the phone.
The S@T Browser and the STK instructions are an old technology supported on some mobile networks and their SIM cards. They can be used to trigger actions on a device, like launching browsers, playing sounds, or showing popups. In the old age of mobile networks, operators used these protocols to send users promotional offers or provide billing information.
But AdaptiveMobile said the Simjacker attacks it observed abused this mechanism to instruct a victim’s phones to hand over location data and IMEI codes, which the SIM card would later send via an SMS message to a third-party device, where an attacker would log the victim’s location.
I recommend you guys reading this : https://www.wired.com/story/simjacker-attack-north-korea-security-news/
So any personnel thoughts about this?