With many similarities to Simjacker, WIBattack takes advantage of Wireless Internet Browsing apps operating on SIM cards by sending a particular binary SMS. This is known as an OTA SMS and it will carry out STK (SIM Toolkit) instructions on targeted SIM cards. WIB apps support commands such as to get location data, start call, send SMS, send SS requests, send USSD requests, launch a web browser with a specific URL, display text on the device, and play a tone. WIB commands contained within malicious OTS SMS messages are sent to the target’s phone. When the message is received that commands are sent to the SIM card. PROACTIVE COMMAND is sent to the victim’s phone as a response from the WIB. Once this is completed, an attacker will have the ability to track the targeted phone, send texts or make calls to any number, and listen in on private conversations. With hundreds of millions of devices likely operating with a SIM card that has a WIB app, this could put a large number of people at risk.
Analyst Notes
Users should test their SIM cards with applications such as the SIMtester app. This will be able to tell if the SIM card is vulnerable and how such vulnerabilities can be mitigated.
