In response to the recent Simjacker reporting iTWire approached all three Australian-based telcos for their response to the issue.
As background, the SIMjacker vulnerability was related to the use of "intelligent" SIM cards which were capable of processing configuration commands issued by the phone operator. Well, that was the theory. In fact, the interface was almost totally unprotected and was able to blithely execute any commands delivered to the device by a "bad dude".
The original research paper estimated that about 1 billion phones might be vulnerable, suggesting that another two billion or so were not (based on an estimate of about 3 billion active devices).
A Telstra spokesperson said, "We don't believe our SIM cards are vulnerable to SIMJacker, however we are actively reviewing information as it becomes available and, as always, we continue to collaborate with researchers and the industry on this and other cyber security matters."
In speaking with a Vodafone representative, iTWire was advised that the company is quite certain that their customers are safe from this specific method of "hacking" as they do not make use of the S@T browser.
Similarly for Optus, their spokesperson told iTWire, "I can confirm our SIMs do not use the S@T browsers so we are not exposed to this vulnerability. Furthermore, we also mitigate against this specific issue by blocking illegitimate binary SMS messages that could address the SIM vulnerability described."