It is crucial that the approach is mute. While SMS is used, no notifications are displayed. An intruder can receive frequent updates without revealing its activity. The exploit is also device-independent and has been used for iPhones, numerous Android brands and some SIM-equipped Internet of Things devices.
And it's not just a theoretical exercise. The Surveillance Company reportedly used Simjacker for at least two years in more than 30 countries (mainly in the Middle East, North Africa, Asia and Eastern Europe). While most goals were "only" reviewed a few times a day over long periods of time, a handful of individuals were targeted hundreds of times over a period of one week ̵
Networks should be able to thwart these attacks. Simjacker sends code rather than plain text, so it should be possible to block the code. However, it can be difficult to coordinate this response if one billion people live in the affected countries. And while it is unlikely that you will be attacked by this particular organization, nothing prevents a similarly capable attacker from launching a more comprehensive campaign. It may take a while to assume that your SIM card is not a potential weakness.