• Articles
    • Editorial Articles
    • Research Articles
    • WatchGuard Articles
  • The 443 Podcast
  • Threat Landscape
  • About
    • About Us
    • Contact Us
    • Contribute to Secplicity

Secplicity - Security Simplified

Powered by WatchGuard Technologies

WIBattack, Simjacker’s Sibling

October 1, 2019 By Emil Hozan

If the announcement of Simjacker wasn’t startling enough, yet another SIM-based vulnerability has been released – and it’s been known for four years! Ginno Security Laboratory, a non-profit security research organization, claims to have discovered both [email protected], which is the name they dubbed Simjacker (which is what AdaptiveMobile Security named the exploit), as well as the newly released WIBattack. WIB is an acronym for Wireless Internet Browser.

In short, once more sparing the technical details, both attacks are pretty much the same. The only real difference is that both specifications are maintained by two different entities. Simjacker, or [email protected], targets SIMs that are maintained by SIMalliance. WIBattack targets SIMs that are maintained by SmartTrust. The GSM Association was made aware of this attack as well.

To reiterate the attack, attackers can send specially crafted messages to a victim’s phone’s SIM card, thus completely bypassing the mobile operating system (OS). Again, there is no indication of comprise and no alert is risen to the platform’s OS – this is some seriously scary stuff. Attackers are able to make phone calls on your behalf, terminate any call users may be on, as well as even revealing location data.

Ginno’s research is also modifying a mobile app that can help end users detect if their SIM cards are vulnerable. The app, SIMtester, which was originally developed by Security Research labs and they presented Rooting SIM Cards at Black Hat 2013, is expected to come out to apps stores soon.

Share This:

Related

Filed Under: Editorial Articles Tagged With: mobile security, mobile threats, SIM Hack, SIM Heist

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

The 443 Podcast

A weekly podcast featuring the leading white-hat hackers and security researchers. Listen Now
the 443 podcast

Threat Landscape

Filter and view Firebox Feed data by type of attack, region, country, and date range. View Now
threat landscape

Top Posts

  • Cybersecurity News: Malvertising, Ransomware, and Alleged IRS Breach
  • Law Enforcement Infiltrate and Seize Hive Ransomware Operation
  • The RCE Vulnerability That Wasn’t
  • Cybersecurity News: ACLU Unveils Mass Surveillance Program, (More) Malvertising, and Breaches

Email Newsletter

Sign up to get the latest security news and threat analysis delivered straight to your inbox

By signing up you agree to our Privacy Policy.


The views and opinions expressed on this website are those of the authors and do not necessarily reflect the policy or position of WatchGuard Technologies.

Stay in Touch

Recent Posts

  • CISA Warns of Weaponized RMM Software
  • Cybersecurity News: ACLU Unveils Mass Surveillance Program, (More) Malvertising, and Breaches
  • Law Enforcement Infiltrate and Seize Hive Ransomware Operation
  • Report Roundup
  • Cybersecurity News: Malvertising, Ransomware, and Alleged IRS Breach
View All

Search

Archives

Copyright © 2023 WatchGuard Technologies · Cookie Policy · Privacy Policy · Terms of Use