WIB Vulnerability: Sim-Card that Allows Hackers to Takeover Phones
In the past, we’ve all witnessed sim-jacking attacks that allow a hacker to impersonate the targeted victim to steal the phone number. Hackers can gain access to unauthorized information related to the victim using the vulnerability, ‘SimJacker’ was that vulnerability.
Recently there’s a similar vulnerability that has popped up, which uses the same SMS-technology to track users’ devices by exploiting little-known apps that are running on a sim-card.
The new attack namely, WIBattack is similar to Simjacker. Folks at mobile security firm AdaptiveMobile disclosed that attack vector.
Both attacks are similar in the way they work, they even grant access to the same commands. The main difference between the two attacks is the fact that they target different applications running on the sim-card.
Mainly, Simjacker executes commands using the S@T Browser app. Whereas WIBattack sends commands to the Wireless Internet Browser (WIB) application.
Telecommunication companies have both java-applets pre-installed on sims to provide management to customer devices and their mobile subscriptions. Cybersecurity is evolving at a fast pace and AI is being considered to be implemented in it to tackle exploits that humans will have difficulties preventing.
Remote access being insecure is the cause behind the WIB vulnerability, in my opinion. Here are 3 important strategies to protect yourself from cyber threats.
The History Of WIB Attack
AdaptiveMobile, a mobile security firm released a report that disclosed details about a company involved in sending rogue commands to the S@T Browser application running on sim-cards. The company had ties with the government and was executing those commands to track individuals.
Recently a report was published by GinnosLab, that disclosed information about the WIB app being vulnerable to similar attacks. Attackers start by sending a specially formatted binary SMS also known as an OTA SMS to target WIB and S@T applets. The SMS executes sim-toolkit instructions on the device, which grants hackers the ultimate access.
The sim-cards that do not have special security features pre-enabled by the telecommunication companies are vulnerable to those malicious instructions.
The applets installed on the sim-card supports the execution of the following commands:
- Get location data
- Start call
- Send SMS
- Transmit SS requests
- Send USSD requests
- Launch an internet browser with a specific URL
- Display text on the device
- Play a tone
According to GinnosLabs, Since the attack is fairly similar to Simjacker, it can be abused to track victims. One of the possibilities of this attack method is that a skilled hacker can start a call and listen to nearby conversations which can get quite scary if you think about it.
Exploitation After Gaining Persistence
If the hacker establishes persistence and exploits the vulnerability, then things go downhill faster. The hacker can execute social engineering attacks using the victim’s vulnerable sim-card. For instance, phishing links can be forwarded to the victim’s contact list causing small-scale personal data breaches unless the victim is an important personality, the effects can be major.
It is essential for anyone working towards data security and privacy to be aware of the different types of data breaches. Knowing the enemy is the first step in retaliating. The fact that technology has progressed so far also means the attack vectors are also adapting and evolving.
Phishing is one of the attacks, hackers can execute overtime after they establish persistence. Human-generated phishing links are the past now. AI-generated phishing techniques are the future and are more dangerous. Not only that there are many cyber threats emerging rapidly that can completely change your perspective on what’s secure and what’s not.
What Is Over The Air (OTA) Technology?
Since this vulnerability utilizes “Over The Air” technology, it is essential for us to know what it is and how it works. Telecommunication companies use OTA technology to download, manage and modify the data on sim-cards without being physically connected to it. In other words, remotely.
It enables a network operator to introduce new services or modify existing ones in a cost-effective manner. It uses the client-server architecture where your sim-card serves as the client and the operator’s back-end system serves as the server which might include:
- Customer care services
- Billing system
- Application system
How Does OTA Work?
The operator’s back-end system is responsible to send service requests through an OTA gateway. The OTA gateway converts the requests into Short Messages that are transmitted through a Short Message Service Center (SMSC). It is responsible to circulate the messages to one or more sim-cards in the field.
Proving the point that OTA doesn’t require you to commute to a retail outlet to modify something on your sim-card.
The components required to implement OTA technology are listed below:
- A backend system to process and send requests.
- An OTA gateway that converts the requests in a suitable format for the sim-card to understand.
- An SMSC to send requests through a wireless network.
- A bearer to transport the request, in this case, it’s the SMS-technology.
- Mobile equipment to receive the request and pass it on to the sim-card.
- A sim-card to receive and execute the current request.
OTA SMS can be transmitted from peer-to-peer. In simple words, from one mobile subscriber to another.
What Would Be A Typical Attack Scenario?
Knowing how a hacker would attack your system is essential to counter it. Here’s how a typical hacker would execute this attack to exploit vulnerabilities on your sim-card.
The “Wireless Internet Browser” (WIB) is the leading sim-based browser that provides a menu that can be managed or updated using OTA technology.
The attack starts with an SMS sent from the attacker’s device to the victim’s mobile phone. The message is a malicious OTA SMS that contains WIB commands.
Once the victim receives the OTA SMS with the WIB commands. The WIB browser receives the transmitted commands on the victim’s phone. WIB responds to the requests made in that malicious SMS and sends back a proactive command such as initiating a call, sending SMS, etc.
Attackers can execute other commands that can track your location geographically.
How Many Devices Were Caught In This Vulnerability?
SRLabs the veterans in mobile and telecom security developed two applications, one for desktop and the other for mobile to tackle this situation.
Researchers used telemetry from both applications to analyze the extent of SimJacker and WIBattack vulnerabilities. They managed to gain data from 800 sim-cards globally. The results are fairly good because telecommunications companies are now shipping sim-cards that do not have the vulnerable applets running on them.
The statistics provided by SRlabs are as follows:
- 4% of the tested sim-cards had the S@T applet installed.
- 5.6% of total sim-cards were vulnerable to SimJacker. The cause being security levels set to 0.
- 7% had the WIB applet installed.
- 3.5% of sim-cards were vulnerable to the WIB Attack.
- 9.1% of the total sim-cards tested were either vulnerable to S@T Attack or WIB Attack.
Data of 500,000 users that installed SnoopSnitch revealed that only a few number of people received those malicious OTA SMS’es.
Important Countermeasures to Be Aware Of
It is important to have information about the attack vectors but the process doesn’t end there. If only knowing about the attack protected you from the negative effects, you wouldn’t need cybersecurity experts.
Knowing the problem is one half of the picture. The other half is knowing how to counter it or mitigate its effects properly. Here’s what you can do if you’re dealing with an insecure sim-card.
There are two ways to look at this problem, one is from the perspective of the network operator. The other is the perspective of the end-user.
For network operators, it is essential to deploy relevant solutions to tackle this problem. Some of the solutions may include, replacing the vulnerable sim-cards to give the end-user 100% security. Another solution that might be worth looking into is filtering OTA SMS’s.
As far as the subscriber is concerned, if the sim-card that the subscriber is using is vulnerable. The best thing to do is to replace the sim-card and invest in a few bucks to ensure 100% security, it’s because if you go roaming to other networks, your network provider won’t be able to ensure your security.
How Does The Vulnerability Affect You?
The question that comes up to the surface is how does it affect an average consumer? Well, It can be labelled as the invasion of privacy, data breach, and spying.
WIB browser executes commands that can easily provide enough information about the target’s surroundings, its location and even about the device he’s using.
The WIB browser vulnerability is as scary as it seems. Imagine talking to your friend but someone’s eavesdropping on your conversation. The exploit can be used to gain intel and possibly be used to harm people if not completely taken care of.
It seems like the movies, where the hacker can practically track everything that you do. It is true, nobody leaves their home without their phone. People are too dependent on gadgets and that dependency is capable of harming them.
The WIB attack is fairly similar to SimJacker. Both of these attacks are capable of executing the same kind of commands, the only major difference is the apps that they exploit. GinnosLab reported the vulnerability to the GSM association.
No need to be concerned about being vulnerable. The sim-cards in the market do not have the vulnerable applets anymore. If you want to test your sim-card you can utilize any of the listed applications above.
Not to mention, that data security is important in any aspect of technology. The details of the vulnerability were declared this year. It is essential to take the proper countermeasures so that you are not the victim of such attacks.
The post WIB Vulnerability: Sim-Card that Allows Hackers to Takeover Phones appeared first on ReadWrite.