Ginno Security Lab, a China-based Mobile Security service offering company has discovered a new Sim card vulnerability besides the recently discovered SIMJacker cyber threat.
The researcher’s claim that a new vulnerability was lurking in the dark which might hit the entire GSM Association at any moment causing serious harm to millions of telecom subscribers worldwide.
Technically speaking, the described mobile security threat is in existence since 2015 but was recently discovered when a Cybersecurity firm AdaptiveMobile threw some light on Simjacker vulnerability.
Experts from Ginno Security say that WIBattack is identical to Simjacker, but the two attack different app targets running on the Sim cards. While the former hits Wireless Internet Browser (WIB) app, the later targets S@T browser app allowing hackers to exploit & spy on the user and his/her Smartphone activities.
In both cases, attackers are seen targeting mobile phones through malicious OTA SMS containing the WIB commands.
Both are Java-based applets and allow telecom companies to provide Voice over spectrum services.
Furthermore, researchers from Chinese firm Ginno Security argue that there were the first to discover Simjacker attack in 2015 which they named it as S@T attack. However, they did not make it public for reasons.
Note 1- According to experts from ZDNET, only a few mobile providers are now providing SIM cards loaded with apps are located mostly in Eastern Europe, Latin America, and the North African region.
Note 2- It was discovered that threat actors can take the help of WIBattack and hijack mobile phones worldwide. This includes making phone calls from a victim’s phone, send SMS or make calls from that phone to any phone number on the globe and such.