Previously, E Hacking News reported on the Simjacker vulnerability, which allows to monitor the owners of the phones.
Simjacker is the first real attack where the malicious instructions are sent directly in the SMS message. Interestingly, messages are not stored in either inbox or outbox, so everything happens completely unnoticed by the victim.
According to the researchers, attackers can exploit the vulnerability regardless of the brand of the user's device. A similar vulnerability was recorded on devices of many manufacturers, including Apple, Samsung, Google, HUAWEI and others.
According to Adaptive Mobile Security experts, the vulnerability has been exploited for at least two years by highly sophisticated cyber criminals (most likely working for the government) to spy on users.
Ginno Security Lab experts claim they identified similar kind of vulnerabilities in 2015 and this is the first time they are publishing the details.
Adaptive Mobile Security said that everything starts with sending a malicious SMS-message. It can be sent from a phone, GSM modem or even a computer. After opening, this malicious message launches the S@T Browser program installed on each SIM card, as mobile operators use it to provide their services. In this way, attackers can gain full control of the victim's phone.
The company Ginno Security Lab claims that they have found vulnerability in both WIB simcard-browser and S@T simcard-browsers.
"The Wireless Internet Browser (WIB) is specified by SmartTrust and is the market leading solution for SIM toolkit based browsing".
By sending a malicious SMS message to the victim's phone number, an attacker can exploit vulnerabilities in the WIB simcard-browser to remotely gain control of the victim's mobile phone to perform malicious actions. In their demo, they remotely made a call from victim's phone to another phone.
The impact of the vulnerability in WIB is spreading around the world and putting hundreds of millions of telecommunication subscribers worldwide at risk. The security vulnerability comes from the SIM card, does not depend on mobile phones or the mobile phone operating system, so every mobile phone is affected.
According to the researchers, one of the main reasons for the existence of Simjacker vulnerability today is the use of outdated technologies in SIM cards, the specifications of which have not been updated since 2009. Experts have already information their findings to the GSM Association, a trade organisation that represents the interests of mobile operators around the world.
