Researchers from Ginno Security Labs have detailed a new SIM card attack which is similar to the Simjacker attack. Dubbed WIBattack, this attack vector allows attackers to track users' devices by exploiting the Wireless Internet Browser (WIB) apps that are running on SIM cards.
More details on the attack
In order to exploit WIB apps, attackers need to send a specially formatted binary SMS (called an OTA SMS) that will execute STK (SIM Toolkit) instructions on SIM cards.
The commands supported on a WIB app includes,
How does WiBattack work?
Ginno Security Lab researchers noted that an estimated number of hundreds of millions of devices are running SIM cards with a WIB app.
In order to uncover the vulnerabilities in the WIB app, researchers recommend testing SIM cards with the SIMtester app. Furthermore, the researchers are in the process of developing a SIM scanning device that runs on android devices.