WIBattack, a Simjacker-like vulnerability, could enable attackers to take over a mobile handset
WIBattack can compromise a target device by sending a text message to run malicious instructions on the SIM card
Security researchers at Ginno Security Lab have uncovered another SIM-based attack, dubbed WIBattack, that they claim could enable attackers to take control of key functions of a handset.
According to researchers, the attack abuses the little-known Wireless Internet Browser (WIB) app running on SIM cards to hijack a mobile device and to track the location of users.
Earlier this month, a team of security researchers from AdaptiveMobile Security said that they had found a SIM-based security vulnerability called Simjacker that could be impacting mobile operators in as many as 30 countries, potentially making more than one billion mobile phone users vulnerable to attacks.
The researchers claimed that the vulnerability was being exploited by a private surveillance firm working for various government agencies to spy on individuals, including political dissidents and journalists.
The Simjacker exploit targets devices by taking advantage of a legacy SIM card feature called S@T, which was designed to launch browsers and to carry out some other functions on older phones.
In order to target a phone, an attacker needs to send a text message with some spyware-like code for S@T. The message instructs the SIM card to 'take over' the mobile phone and to execute some sensitive commands, but without triggering any kind of notification on the device.
A successful attack causes the SIM card to send a message containing sensitive information about the device's location and IMEI number to the attackers.
According to Ginno Security Lab, WIBattack also targets a device by sending a text message to run instructions on the SIM card. A successful attack enables attackers to receive location data, send SMS and SS requests, start a call, play a tone, point the web browser to phishing sites, and carry out various other actions.
The researchers said they first discovered WIBattack (as well as Simjacker) back in 2015, although the findings were not disclosed publicly at that time.
While Ginno Security warned that "hundreds of millions" of handsets with WIB-capable SIM cards might be at risk, other security experts believe that the actual number of victims might be much lower than that.
According to ZDNet, security researchers at SRLabs tested 800 SIM cards, of which just 10.7 per cent had WIB installed, and only 3.5 per cent of such cards were vulnerable to a SIM-based attack against the WIB applet.
Moreover, information collected from more than 500,000 SnoopSnitch users revealed that only a small percentage of them had received OTA text messages like the ones that attackers need to exploit WIBattack and Simjacker.
SnoopSnitch is an Android app developed by SRLabs, which enables users to test their smartphones for various operating system, SIM, and mobile network security flaws.
SIMTester is a desktop app, developed by SRLabs, which can be used to test security flaws affecting SIM cards.