- In order to exploit WIB apps, attackers need to send a specially formatted binary SMS (called an OTA SMS) that contain WIB commands.
- The commands supported on a WIB app includes Get location data, Start call, Send SMS, Send SS requests, Send USSD requests, and more.
Researchers from Ginno Security Labs have detailed a new SIM card attack which is similar to the Simjacker attack. Dubbed WIBattack, this attack vector allows attackers to track users' devices by exploiting the Wireless Internet Browser (WIB) apps that are running on SIM cards.
More details on the attack
In order to exploit WIB apps, attackers need to send a specially formatted binary SMS (called an OTA SMS) that will execute STK (SIM Toolkit) instructions on SIM cards.
The commands supported on a WIB app includes,
- Get location data
- Start call
- Send SMS
- Send SS requests
- Send USSD requests
- Launch a web browser with a specific URL
- Display text on the device
- Play a tone
How does WiBattack work?
- Attackers send malicious OTA SMS that contains WIB commands to the victim's phone number.
- Once the victim receives the OTA SMS it forwards the command to the WIB app in the victim’s Simcard.
- WIB responds to the command and sends PROACTIVE COMMAND to victim mobile phones, such as initiating a call, send SMS, and other info.
- Following this, an attacker can track the victim's location, send SMS to any number, or call to any number and eavesdrop conversations.
Ginno Security Lab researchers noted that an estimated number of hundreds of millions of devices are running SIM cards with a WIB app.
In order to uncover the vulnerabilities in the WIB app, researchers recommend testing SIM cards with the SIMtester app. Furthermore, the researchers are in the process of developing a SIM scanning device that runs on android devices.