SIM Hijacking

This technical blog investigates how leaked phone numbers can be leveraged to attack SIM cards and mobile subscribers, covering threats such as SIMjacker, OTA Remote File Management (RFM) via TARs, SMS re-routing, and SIM swapping; it explains SIM internals (ATR, APDU, EF/DF/MF), SIM Application Toolkit and TARs, demonstrates AT/APDU command-based interactions, and documents empirical testing (tools, setup, and >60 SIMs tested) identifying vulnerable SIMs and practical exploitation methods.