Wednesday, August 12, 10:44
Home security WIBattack: Researchers unveil new attack on SIM cards

WIBattack: Researchers unveil new attack on SIM cards

SIMs.Some security researchers have discovered a new attack through SMS, which allows hackers to watch them Appliances users, taking advantage of their SIM cards.

The new attack is called WIBattack and it is very much like attack Simjacker, revealed earlier this month.

The two attacks work the same way. The difference is that they aim differently applications running on SIM cards.

Simjacker executes commands that target it S @ T Browser application. WIBattack sends commands to Wireless Internet Browser (WIB) app.

These are two Java applets, called Companies mobile phones install on SIM cards. Applications are designed to remotely manage client devices.


Ginno Security Labs researchers found that the WIB app was vulnerable to hacking attacks. However, they did not know if any had actually taken place attack.

Attackers can send a specially configured SMS (OTA SMS), which executes STK (SIM Toolkit) instructions to SIM cards.

The commands supported in the WIB app are similar to those of S @ T Browser. These are:

  • Obtain location data
  • Call
  • Send SMS
  • Send USSD requests
  • Send SS requests
  • Audio playback
  • Display text on the device
  • Launch an internet browser with a specific URL

Hackers carry out this attack to watch them users- steps. The attackers can locate the victim's location, make phone calls or listen to conversations.

Both WIBattack and Simjacker discovered 2015, but the researchers had not revealed their findings publicly.

According to their calculations, there are millions phones with SIM cards that have the WIB app.

However, the SRLabs research team specializing in telecommunications security, thinks that the problem is not so great. The researchers developed two applications known as SIMTester and SnoopSnitch.

SIMTester is a desktop application that helps users to check their SIM cards for errors security. SnoopSnitch is one Android application, which also detects vulnerabilities in SIM cards and operating system errors.

The researchers used the two applications to investigate the effect of Simjacker and WIBattack.

They examined 800 SIM cards. The results showed that most mobile phones no longer have S @ T and WIB applets.

The results were as follows:

  1. 9,4% of the tested SIMs had the S @ T applet installed
  2. 5,6% of SIMs are vulnerable to Simjacker because SIMs are not protected
  3. 10,7% of SIMs have the WIB applet installed
  4. 3,5% of SIMs are vulnerable to WIBattack attack
  5. Overall, 9,1% of tested cards were vulnerable to attacks against S @ T or WIB applet

Also, of the 500.000 SnoopSnitch users tested, few reported receiving OTA SMS messages, which are necessary to carry out the attacks.

Most of the messages targeted users in Latin and South America.

These results show that most users nowadays are not on risk. Only a handful of mobile providers worldwide sell SIM cards with both applications.

Users who want to check if their cards are running S @ T or WIB apps can use the SIMTest app.

However, even if there are two applications on the SIM card, this does not mean that the device is vulnerable. To attack, attackers must send OTA SMS messages to both applications. This can be blocked by mobile carriers, by activating security features in both SIM card applications.

"In the mobile field, Simjacker and WIBattack attacks seem less attractive to criminals than SS7 or social engineering attacks," said Karsten Nohl, SRLabs security researcher.


Please enter your comment!
Please enter your name here

Absent Mia
Absent Mia
Being your self, in a world that constantly tries to change you, is your greatest achievement


How do you turn large Twitter threads into readable posts?

If you are a regular Twitter user, you may have come across large Twitter threads that help the message exceed the limit ...

Do you want a Chromebook? Choose among the 4 best!

A good Chromebook is not much different from regular laptops, while the best of them may be nicer than ...

UniConverter: Convert videos to 1000 formats 30 times faster!

If you are a video content creator, you will definitely need to convert a video to various formats many times, without compromising ...

How to persuade older people to use technology?

Technology can often seem daunting and difficult to older people who are unfamiliar with ...

How to stream 4K Ultra HD content to Netflix?

During the quarantine, Netflix has been a great help to people spending boring hours at home. The service has ...

iPhone: Add and remove Widgets from the Home screen

Apple brought the widgets to the Home screen of the iPhone with iOS 14. This is an advanced form of widgets from ...

The best security cameras to protect your home!

If you are afraid of intruders in your home, these security cameras can stream live video directly to your phone.

Do hackers carry out their attacks in real time?

More generally, there is a perception that hackers are suddenly infiltrating systems and devices and carrying out attacks. However, the reality is different. The...

Facebook: How to hide old posts

Facebook has introduced a new tool called "Activity Management" that will allow you to delete old posts, helping you to improve ...

How to download and install the Play Store on laptops and PCs?

Nowadays, many people rely on their smartphones, as they can be used easily and quickly for ...