Simjacker Attack- Remember the Simjacker vulnerability?
Earlier this month, we reported about a critical unpatched weakness in a wide range of SIM cards, which an unnamed surveillance company has actively been exploiting in the wild to remotely compromise targeted mobile phones just by sending a specially crafted SMS to their phone numbers.
If you can recall, the Simjacker vulnerability resides in a dynamic SIM toolkit, called the [email protected] Browser, which comes installed on a variety of SIM cards, including eSIM, provided by mobile operators in at least 30 countries.
Now, it turns out that the [email protected] Browser is not the only dynamic SIM toolkit that contains the Simjacker issue which can be exploited remotely from any part of the world without any authorization—regardless of which handsets or mobile operating systems victims are using.
WIB SIM ToolKit Also Leads To SimJacker Attacks
Following the Simjacker revelation, Lakatos, a researcher at Ginno Security Lab, reached out to The Hacker News earlier this week and revealed that another dynamic SIM toolkit, called Wireless Internet Browser (WIB), can also be exploited in the same way, exposing another set of hundreds of millions of mobile phones users to remote hackers.
Lakatos told The Hacker News that he discovered this vulnerability back in 2015 but decided not to disclose it publicly until now because the process to patch such a flaw is complex and most importantly, can be abused by “bad guys to control phones running vulnerable SIMs remotely.”
Besides this, Lakatos also claimed that he independently discovered [email protected] Browser as well and also provided a video demonstration of the Simjacker vulnerability with more details that have not yet been published by AdaptiveMobile Security researchers who initially disclosed the issue earlier this month.