SECURITY BOFFINS have uncovered another SIM-based attack, dubbed WIBattack, that they claim could enable attackers to take control of key functions of a handset.
According to researchers at Ginno Security Lab, the attack abuses the little-known Wireless Internet Browser (WIB) app running on SIM cards to hijack a mobile device and to track the location of users.
This discovery comes just weeks after security researchers from AdaptiveMobile Security found a SIM-based security vulnerability called Simjacker that could be impacting mobile operators in as many as 30 countries, potentially making more than one billion mobile phone users vulnerable to attacks.
The researchers claimed that the vulnerability was being exploited by a private surveillance firm working for various government agencies to spy on individuals, including political dissidents and journalists.
The Simjacker exploit targets devices by taking advantage of a legacy feature of the SIM card, called [email protected], that was designed to launch browsers and to carry out some other functions on older phones.
In order to target a phone, an attacker needs to send a text message with some spyware-like code for [email protected] The message instructs the SIM card to 'take over' the mobile phone and to execute some sensitive commands, but without triggering any kind of notification on the device.
A successful attack causes SIM to send a message containing sensitive information about device location and IMEI number to attackers.
According to Ginno Security Lab, WIBattack also targets a device by sending a text message to run instructions on SIM cards. A successful attack enables attackers to receive location data, send SMS requests, start calls, play tones, point a web browser to phishing sites, and to carry out various other actions.
The researchers said they first discovered WIBattack (as well as Simjacker) back in 2015, although the findings were not disclosed publically at that time.
While Ginno Security warned that "hundreds of millions" of handsets with WIB-capable SIM cards might be at risk, other security experts believe that the actual number of victims might be much lower than that.
According to ZDNet, security researchers at SRLabs tested 800 SIM cards, of which just 10.7 per cent had WIB installed, and only 3.5 per cent of such cards were vulnerable to a SIM-based like attack against WIB applet.
Moreover, information collected from more than 500,000 SnoopSnitch users revealed that only a small percentage of them had received OTA text messages, like the ones that attackers needed to exploit WIBattack and Simjacker. µ
You could soon buy that ivory backscratcher on Marketplace in a few taps
Just in case you're too posh for Whole Foods
Borked butterfly mechanism is dead
AI nirvana in the cloud