At the beginning of this month, a critical vulnerability was found in various SIM cards. This vulnerability is capable of remotely compromising target devices just by sending a specially crafted SMS.
Simjacker resides in a dynamic SIM toolkit known as S@T Browser. At first, S@T browser was considered as the only toolkit that contained the vulnerability. Recently researchers have found that there is one more dynamic SIM toolkit, called Wireless Internet Browser (WIB), which can be used in the same way by the attackers to exploit millions of mobile phones.
WIB toolkit is maintained and designed by SmartTrust. SmartTrust is one of the leading and reliable companies that provide SIM-toolkit based solutions. These toolkits are used by more than 200 mobile operators and the list includes AT&T, Claro, Etisalat, KPN, etc. The dynamic toolkits are famous and widely used because these toolkits provide new features and options on the fly based on information provided by a central server.
Attackers send an OTA SMS to the target containing an S@T or WIB command. After receiving this command the mobile’s OS forwards the command to the S@T or WIB browser without generating an alert. The targeted browser then instructs the operating system to follow the listed command. The OS then performs the actions based on the command provided by the browser. Users are getting trapped into such attacks without even sniffing a bit of threat. User data linked to their mobile can be accessed and misused by the attackers for their benefits.
Use NPAV mobile app and stay protected.