New type of SIM card cyberattack exploits Java-based apps

A new type of cyberattack capable of exploiting vulnerabilities in Java applications run through SIM cards installed within smartphones has been identified by a mobile security company, according to ZDNet.

AdaptiveMobile announced in a September 2019 report that it had discovered the attack called WiBattack, which is identical to another type identified earlier in the year called SimJacker. Both attacks leave IOS and Android users at-risk, according to Forbes.

How do WiBattack and SimJacker attacks work?

The AdaptiveMobile report alleges that the SimJacker attack was carried out "private company that works with governments" to send "rogue commands" to SIM card-run applications to track users. In particular, SimJacker runs commands on the S@T Browser application and WiBattack does the same on the Wireless Internet Browser, ZDNet explained. The report alleges that the attacks were part of an effort by "surveillance companies for espionage operation" and could impact over one billion phones worldwide.

After a recent Ginno Security Lab report was published in October, it is known so far that the WIB and S@T Browser applications are vulnerable to the attack. WiBattack attacks execute instructions on SIM cards for which manufacturers did not "enable any special security features," according to ZDNet.

Smartphone and mobile phone commands capable of being executed through WIB and S@T include:

  • Get location data
  • Start call
  • Play a tone
  • Send SMS ("text message")
  • Display text on the device
  • Launch internet browser with a specific URL

Who is at risk of attack?
According to ZDNet, mobile phone users with devices 61 different carriers in 29 different countries around the world are considered vulnerable to SimJacker attacks, because those companies still ship vulnerable SIM cards to customers there. Countries affected include those in Central America, Asia, Africa and South America; the United States, Canada and most European countries are not included, aside from Italy, Bulgaria and Cyprus. The report further claims that only seven countries are vulnerable to WiBattack attacks from eight operators.

Using two self-developed apps to track the S@T and WIB applications, an SRLabs team conducted research on the attack and analyzed 800 SIM cards from around the world. Results revealed that "most mobile telecos" no longer sell devices with the apps. One of the SRLabs apps – SnoopSnitch – detects suspicious binary SMS messages and first detected attacks on the S@T application in 2016, according to the results report.

android sms
Both SimJacker and WiBattack attacks operate by sending SMS messages to issue commands on smartphones' SIM card applications, according to an Adaptive Mobile report.

"Average" smartphone users not likely targets
It was found that 9.1% of the cards tested had S@T or WIB applications vulnerable to attacks, among other findings. Notably, ZDNet states that the two attacks are not considered as dangerous when compared with the implications of others.

ZDNet points out that on most SIM cards, both applications have innate security features that prevent hackers from sending the required OTA SMS messages to execute SimJacker or WiBattack attacks. Testing found that the attacks were only possible if the S@T and WIB apps had minimum security level indexes of 0.

"The 'average' person is not likely to be targeted…the main targets (of SIM app attacks) are probably those that are of interest to nation-state customers," Cathal McDaid writes in an October 2019 Adaptive Mobile blog post.

According to the SRLabs report, mobile network operators can ensure that their customers' SIM cards are safe from both attacks by either removing SIM applet vulnerabilities or blocking binary SMS messages, although a "combination of both" is advised. Users themselves are unable to take these precautions, although they can use tools at any time – particularly on Android devices – to find out whether they are being attacked.

The recent attacks highlight the risk posed by employers whose employees typically work remotely on unsecured smartphones, as opposed to organizations that provide their workers with network secure devices. That's where Inventu Corporation can help.

Here at the Inventu Corporation, we equip organizations of all sizes with a revolutionary terminal emulation tool called the Flynet Viewer, allowing developers to craft reliable and safe software using clean HTML and JavaScript hosted on secure Windows servers or smartphones. Overall, the Flynet Viewer supports streamlined IT modernization and meets employer and staff expectations in a way that feels both familiar and simple. Contact us today or review our extensive product catalog to see how Inventu can help you rid your servers of unsafe Java.