Mobile security lab Ginno Security has just discovered a new SIM card vulnerability that makes use of a Wireless Internet Browser (WIB) built into a SIM card to activate over-the-air (OTA) services.

Called WIBattack, the exploit starts with an SMS from the attacker's phone. The attacker sends a malicious OTA SMS containing the WIB command to the victim's mobile phone number.


How WIBattack Attacks Its Victims’ Phone Numbers

The video below describes how WIBattack operates.

Ginno Security says that once the victim's phone receives the OTA SMS, it forwards the command to the WIB browser on the victim's SIM card. The WIB responds to the command and sends a PROACTIVE COMMAND to the victim's phone. By way of these SIM card commands, an attacker can place a call or send an SMS to any phone number using the victim's details. The attacker can also track the user's geographic location.
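The forwarding step described above depends on two SMS header fields that tell a handset to pass a message to the SIM instead of the inbox. The following is an added example, not code from Ginno Security or from this article, showing how an SMS filter could flag such messages from the header alone. The field values come from 3GPP TS 23.040 and TS 23.038 rather than from the article, and the function names and sample TPDUs are constructed for illustration.

```python
# Added example: header-only triage of SMS-DELIVER TPDUs.
# Function names and both sample TPDUs are constructed for illustration.

SIM_DATA_DOWNLOAD_PID = 0x7F  # TP-PID "(U)SIM data download" (3GPP TS 23.040)

# Constructed samples: fictional sender +15555550100, fixed timestamp.
# Layout: first octet, TP-OA, TP-PID, TP-DCS, TP-SCTS, TP-UDL, TP-UD.
OTA_LIKE = "04 0B91 5155550501F0 7F F6 91015221436500 05 0000000000"  # zero-filled data
PLAIN_TEXT = "04 0B91 5155550501F0 00 00 91015221436500 02 C834"       # the text "Hi"


def message_class(dcs):
    """Return the message class (0-3) carried in TP-DCS, or None if it has none."""
    if (dcs & 0x80) == 0:            # general data coding and auto-deletion groups
        return dcs & 0x03 if dcs & 0x10 else None
    if (dcs & 0xF0) == 0xF0:         # "data coding / message class" group
        return dcs & 0x03
    return None                      # reserved and message-waiting groups


def parse_sms_deliver(tpdu_hex):
    """Decode sender, TP-PID and TP-DCS from an SMS-DELIVER TPDU given as hex."""
    b = bytes.fromhex(tpdu_hex)
    if len(b) < 3 or (b[0] & 0x03) != 0x00:
        raise ValueError("not an SMS-DELIVER TPDU")
    digits = b[1]                    # TP-OA length is counted in digits
    oa_end = 3 + (digits + 1) // 2   # address digits are packed two per octet
    if len(b) < oa_end + 2:
        raise ValueError("truncated TPDU")
    # Each octet stores two digits with the nibbles swapped; 0xF pads odd lengths.
    nibbles = "".join(f"{x & 0x0F:X}{x >> 4:X}" for x in b[3:oa_end])
    sender = ("+" if b[2] == 0x91 else "") + nibbles[:digits]
    pid, dcs = b[oa_end], b[oa_end + 1]
    return {"sender": sender, "pid": pid, "dcs": dcs, "class": message_class(dcs)}


def targets_sim(tpdu_hex):
    """True when the handset would hand the message to the SIM (PID 0x7F, class 2)."""
    fields = parse_sms_deliver(tpdu_hex)
    return fields["pid"] == SIM_DATA_DOWNLOAD_PID and fields["class"] == 2


if __name__ == "__main__":
    for name, tpdu in (("OTA_LIKE", OTA_LIKE), ("PLAIN_TEXT", PLAIN_TEXT)):
        print(name, parse_sms_deliver(tpdu), "-> SIM-addressed:", targets_sim(tpdu))
```

This check matches every SIM-addressed message, including an operator's own legitimate OTA updates, so in practice the sender has to be compared against the operator's OTA platform before a message is treated as suspicious.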


The researchers have reported the WIBattack vulnerability to the GSM Association. They recommend using SIMtester to test the SIM card and identify vulnerabilities in the WIB browser. In addition, they are developing SIM scanning devices that can run on Android devices.

At the beginning of this month, a mobile security company, AdaptiveMobile, also found a vulnerability in SIM cards (Simjacker). According to the report, the vulnerability can work on a mobile phone network provider with low security. It also uses malicious messages to steal phone users' information. With time, it gathers enough information to make calls and carry out other activities in place of the real owner.
