• MENU
  • Skip to right header navigation
  • Skip to main content
  • Skip to primary sidebar

SecNews In Depth IT Security News

  • Blog
  • Inet
  • Security
  • Investigations
  • tweaks
  • Views
  • TV
  • Search
  • Blog
  • Inet
  • Security
  • Investigations
  • tweaks
  • Views
  • TV
  • Search
Home / security / WIBattack: Researchers unveil new attack on SIM cards

WIBattack: Researchers unveil new attack on SIM cards

29 September, 2019, 4: 19 by Absent Mia Leave a Comment

YES

Some security researchers have discovered a new attack through SMS, which allows hackers to watch them Appliances users, taking advantage of their SIM cards.

The new attack is called WIBattack and it is very much like attack Simjacker, revealed earlier this month.

The two attacks work the same way. The difference is that they aim differently applications running on SIM cards.

Simjacker executes commands that target it S @ T Browser application. WIBattack sends commands to Wireless Internet Browser (WIB) app.

These are two Java applets, called Companies mobile phones install on SIM cards. Applications are designed to remotely manage client devices.

WIBATTACK

Ginno Security Labs researchers found that the WIB app was vulnerable to hacking attacks. However, they did not know if any had actually taken place attack.

Attackers can send a specially configured SMS (OTA SMS), which executes STK (SIM Toolkit) instructions to SIM cards.

The commands supported in the WIB app are similar to those of S @ T Browser. These are:

  • Obtain location data
  • Call
  • Send SMS
  • Send USSD requests
  • Send SS requests
  • Audio playback
  • Display text on the device
  • Launch an internet browser with a specific URL

Hackers carry out this attack to watch them users- steps. The attackers can locate the victim's location, make phone calls or listen to conversations.

Both WIBattack and Simjacker discovered 2015, but the researchers had not revealed their findings publicly.

According to their calculations, there are millions phones with SIM cards that have the WIB app.

However, the SRLabs research team specializing in telecommunications security, thinks that the problem is not so great. The researchers developed two applications known as SIMTester and SnoopSnitch.

SIMTester is a desktop application that helps users to check their SIM cards for errors security. SnoopSnitch is one Android application, which also detects vulnerabilities in SIM cards and operating system errors.

The researchers used the two applications to investigate the effect of Simjacker and WIBattack.

They examined 800 SIM cards. The results showed that most mobile phones no longer have S @ T and WIB applets.

The results were as follows:

  1. 9,4% of the tested SIMs had the S @ T applet installed
  2. 5,6% of SIMs are vulnerable to Simjacker because SIMs are not protected
  3. 10,7% of SIMs have the WIB applet installed
  4. 3,5% of SIMs are vulnerable to WIBattack attack
  5. Overall, 9,1% of tested cards were vulnerable to attacks against S @ T or WIB applet

Also, of the 500.000 SnoopSnitch users tested, few reported receiving OTA SMS messages, which are necessary to carry out the attacks.

Most of the messages targeted users in Latin and South America.

These results show that most users nowadays are not on risk. Only a handful of mobile providers worldwide sell SIM cards with both applications.

Users who want to check if their cards are running S @ T or WIB apps can use the SIMTest app.

However, even if there are two applications on the SIM card, this does not mean that the device is vulnerable. To attack, attackers must send OTA SMS messages to both applications. This can be blocked by mobile carriers, by activating security features in both SIM card applications.

"In the mobile field, Simjacker and WIBattack attacks seem less attractive to criminals than SS7 or social engineering attacks," said Karsten Nohl, SRLabs security researcher.

How useful was this post?

Average rating / 5. Vote count:

No votes so far! Be the first to rate this post.

WIBattack: Researchers unveil new attack on SIM cards was last modified: September 29, 2019, 4: 19 by Absent Mia

Share
Do you have an opinion? Leave your comment.

The author allows you to copy his / her text only if you report the source (SecNews.gr), as an e-mail address (Live URL) of the article.
Updated on 29 September | 16: 19 by Absent Mia

Competition: securityTag: SimJacker, attack

Absent Mia

About Absent Mia

Being your self, in a world that constantly tries to change you, is your greatest achievement

Previous Post: « Q4OS 3.9 for Windows users who do not want Windows
Next Post: Hacker steals 218 data from Zynga game company »

Reader Interactions

Comment Policy:

SecNews.gr does not immediately post comments. Malicious comments, comments that include ads, or comments with insults are deleted without any warning. We do not endorse the views expressed by our readers.


Leave a reply Ακύρωση απάντησης

Your email address is not published. Τα υποχρεωτικά πεδία σημειώνονται με *

Primary Sidebar

  • Base64 encoded image 35,600 Happy fans
  • Base64 encoded image 3,619 Followers

trending


Find out how much damage your SSD drive has to Windows 10
Lidl Black Friday deals: Maybe we get the Xbox One S at a low price?
Zorin OS 15 Lite to replace Windows 7
Windows 10 Version 1909 installation keys
Windows 7 hack to continue with support
Bliss OS run the latest Android on your computer
Windows 7 Too hard to die
Fake Windows Update is spreading Cyborg ransomware
Kickass Torrents: LOC 15 alternatively site for free movies and games!
SecNews MX Linux 19 x64 custom ISO release for Windows

tweaks

FBI: Beware! Connect your IoT devices to a separate network!

Microsoft: Spear-phishing is growing rapidly - How is it treated?

Comparium: Try your site in different browsers and OS

Find out how much damage your SSD drive has to Windows 10

SecNews MX Linux 19 x64 custom ISO release for Windows

7 pronunciation dictionaries to improve your English

Display the version of Windows on the desktop

Fido: easily download Windows ISO

Set when the password expires on windows 10

Set when the PIN expires in Windows 10

Copyright © 2010 - 2019 · SecNews | ToS | SiteMap | Contact

el Greek
ar Arabiczh-CN Chinese (Simplified)en Englishfr Frenchde Germanel Greekit Italianru Russian