WIBAttack: the new way to compromise SIM cards

A few weeks ago web application security specialists from AdaptativeMobile firm published a research about a new variant of attack against mobile devices via specially designed SMS, known as SIMjacker. In their report, the experts mentioned that the attack is based on the processing of these SMS being processed by S@T Browser, present on millions of SIM cards, further mention that using this attack it is possible to perform various malicious activities, such as sending SMS, launch a web browser remotely and collect data about the targeted mobile phone.

Moreover, the Ginno Security Lab organization discovered WIBAttack, a similar SIM attack based on the Wireless Internet Browser (WIB), designed by SmartTrust for browsing based on the SIM toolkit. Both firms reported the SIMjacker attack at the time, proving that this variant takes advantage of S@T Browser to trigger this attack.

Just like in S@T Browser, it is possible to control WIB remotely using Over the Air (OTA) SMSs, used by mobile phone companies to change the central network settings on a phone, mention the web application security specialists. Using this attack, a hacker could display arbitrary text or a fake icon on a smartphone screen, access a specific URL, collect target data, and make phone calls.

As if that wasn’t enough, both attack variants are silent and virtually impossible to detect, so a potential victim would find no clue to think that their device has been compromised.

One of Ginno Security’s web application security specialists, known as Lakatos, mentioned that because WIB specifications are not documented, it is a little more complex to exploit WIBAttack than the other versions of SIM card hacking techniques. The specialist adds that these flaws were discovered about four years ago, although the cybersecurity community kept this finding a secret because patching these kinds of vulnerabilities is really complex, plus they are very easy to exploit.

The findings have already been reported to GSM Association (GSMA), a group of mobile operators and the like, dedicated to standardization and implementations in mobile systems. After disclosing these findings, researchers’ efforts are focused on finding some protective measures against the possible use of backdoors on SIM cards, as these attacks have a reach of billions of mobile phone users.

In this regard, GSMA published a statement mentioning that: “Members of the mobile industry are considering both research and its potential impact on our users; we thank the researchers for their findings”.

According to web application security specialists from the International Institute of Cyber Security (IICS), GSMA implemented some measures to mitigate the risk of operating SIMjacker by manufacturers and operating companies, and claim be working on solutions against these potential attacks and ensure the provision of a secure service for the billions of SIM card users.