New SIM attack detected, similar to Simjacker

Criminals can track users, make phone calls and listen to conversations.

A team of researchers from Ginno Security Labs discovered and analyzed a new attack using SMS messages, which allows attackers to track user devices using little-known applications running on SIM cards. This attack, called WIBattack, is identical to the Simjacker attack, which researchers from AdaptiveMobile discovered in early September this year.

Both attacks work on the same principle and provide access to the execution of the same commands, but are designed for different applications running on SIM-cards.

If the Simjacker vulnerability affected the S @ T Browser application, then WIBattack affected the Wireless Internet Browser (WIB). Applications are Java applets that mobile operators install on SIM cards provided to customers. These applications provide the ability to remotely control the device and mobile subscriptions.

Attackers can send so-called OTA SMS messages that will execute STK (SIM Toolkit) instructions on SIM cards with disabled security features. As in the case of S @ T, using the commands supported in WIB, you can get geolocation data, make a call, send SMS, send SS and USSD requests, launch an Internet browser and open a specific URL, show text on the device, play the melody.

According to the researchers, thanks to this attack vector, criminals can also track users, make phone calls and listen to conversations. According to experts, the number of devices with SIM cards on which the WIB application is installed is “hundreds of millions”.

  • ru
  • en