#WIBattack: Vulnerability in WIB sim-browser can let attackers globally take control of hundreds of millions of the victim mobile phones worldwide to make a phone call, send SMS to any phone numbers, send victim’s location, launch WAP browser, etc.
Ginno Security Lab, we researched security in Simcard and discovered the vulnerability in both WIB Simcard-browser and S@T Simcard-browser, that cause serious harm to hundreds of millions of telecom subscribers worldwide in 2015. Vulnerability in WIB has not ever been published yet. By sending a malicious SMS to victim phone number, attacker can abuse the vulnerabilities in the WIB sim browser to remotely take control of the victim mobile phone to perform harmful actions such as: send SMS, make phone call, get victim’s location, launch other browsers (e.g WAP browser), get victim’s IMEI, etc.
The affection of the vulnerability in WIB spreads worldwide and puts hundreds of millions of telecom subscribers worldwide at risk. The security vulnerability comes from the sim card, depends neither on mobile phone devices nor on mobile phone Operating System, so every mobile phone is affected.