With the advancement of technology, the risks involved with using it also advance. Sim is a piece of tech, quite simple to the eye but quite remarkable as well. Simjacking used to be the only SIM-based exploit that could put your phone at risk.
Now there is a new boy in town, Ginno Security Lab has discovered another vulnerability in WIB Simcard that take can be used to take remote control of the WIB (Wireless Internet Browser) app. This exploit has been named WIBattack by the research team at the lab.
The exploit could track the location of the device, open phishing websites, send SMS, make a phone call, get victim’s location, launch other browsers (e.g. WAP browser), get victim’s IMEI and much more.
The lab has clarified that every phone o the world is vulnerable as the exploit does not depends on the mobile or the OS. While the researchers at Ginno say that “100s of millions” of the phone are potential victims, the reports submitted by SRlabs don’t agree to say the real number of potential victims is quite low.
Out of 800 randomly tested cards, only 10.7% had WIB installed on them, and only 3.5% were at risk. But still building on th WIBattck one might discover a new exploit.
People Also Read: Google Assistant will now be available with Chrome OS 77 update
Lakatos the chief researcher at the lab said in his blog “ #WIBattack: Vulnerability in WIB sim-browser can let attackers globally take control of hundreds of millions of the victim mobile phones worldwide to make a phone call, send SMS to any phone numbers, send victim’s location, launch WAP browser, etc.
We researched security in simcard and discovered the vulnerability in WIB simcard-browser that causes serious harm to hundreds of millions of telecom subscribers worldwide in 2015, and the vulnerability has not ever been published yet.
By sending a malicious SMS to victim phone number, attacker can abuse the vulnerabilities in the WIB sim browser to remotely take control of the victim mobile phone to perform harmful actions such as: send sms, make phone call, get victim’s location, launch other browsers (e.g WAP browser), get victim’s IMEI, etc.
The affection of the vulnerability in WIB spreads worldwide and puts hundreds of millions of telecom subscribers worldwide at risk. The security vulnerability comes from sim card, depends neither on mobile phone devices nor on mobile phone Operating System, so every mobile phone is affected.”