SIM card security has always been called into question. Even so, it is severely used for two-factor authentication (2FA). Nevertheless, a recent published finding shows a security breach on certain SIM cards that an attacker may use.
Through this security flaw, the attacker can access various victim data as well as control the operations performed with the card. According to experts, hundreds of millions of SIM cards are in danger.
In the past we have seen several cases that demonstrate the weaknesses of SIM cards. The most iconic recent case has been Simjacker, who takes control of victims’ devices without their realizing it. This new threat found by Ginno Security Lab goes back to the same reality, but with even more compromised users!
Through the Wireless Internet Browser (WIB), the attacker can penetrate the victim’s SIM card commands. This invasion can be done remotely and simply. To do this, simply send an SMS to the victim with a link, which they have to open.
By sending a malicious SMS to the victim’s phone number, an attacker could abuse WIB vulnerabilities to remotely control the victim’s mobile phone. The magnitude of the vulnerability in WIB spreads worldwide and puts hundreds of millions of telecommunications users at risk.
Once hacked, the mobile phone is at the mercy of the invader. Quietly, this can perform a whole set of operations without the victim realizing it. These include making calls and sending SMS, browser access, IMEI information, and the precise location of the victim.
More dangerous is that the user has no idea that he is being attacked or controlled. The device does not send a notification informing you of the situation, not realizing at all what is happening with the device you use.
The list of SIM cards threatened by this flaw is immense, affecting hundreds of millions of users. To be vulnerable, your SIM card must be WIB enabled.
Ginno Security Lab reported the SIM card WIB vulnerability to The GSM Association. This association recommends using SIMtester, an open-source tool to check whether your card is secure or not.