Attacks work by sending commands directly to applications stored on SIM cards.
...
The so-called Simjacker exploits work across a wide range of mobile devices, regardless of the hardware or software they rely on, researchers with telecom security firm AdaptiveMobile Security said in a
post. The attacks work by exploiting an interface intended to be used solely by cell carriers so they can communicate directly with the
SIM cards inside subscribers’ phones. The carriers can use the interface to provide specialized services such as using the data stored on the SIM to provide account balances.
Simjacker abuses the interface by sending commands that track the location and obtain the IMEI identification code of phones. They might also cause phones to make calls, send text messages, or perform a range of other commands.