According to the news, there is a critical unpatched weakness in a wide range of SIM cards, which an unnamed surveillance company has actively been exploiting in the wild to remotely compromise targeted mobile phones just by sending a specially crafted SMS to their phone numbers.
Basically, the attack can be summarized in the following four steps:
Step 1 — Attackers send a malicious OTA SMS to the victim’s phone number containing an S@T or WIB command such as SETUP CALL, SEND SMS, or PROVIDE LOCATION INFO.
Step 2 — Once received, the victim’s mobile operating system forwards this command to the S@T or WIB browser installed on the SIM card, without raising an alert or notifying the user about the incoming message.
Step 3 — The targeted browser then instructs the victim’s mobile operating system to follow the command.
Step 4 — The victim’s mobile OS then performs the corresponding actions.
https://thehackernews.com/2019/09/dynamic-sim-toolkit-vulnerability.html
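
Step 2 works because handsets pass an SMS to the SIM without showing it when its TP-PID is "(U)SIM Data download" (0x7F) and its TP-DCS marks a class 2 message (3GPP TS 23.040 and TS 31.111). The following is an added detection example, not code from the original article: it flags such SMS-DELIVER TPDUs in a capture or on a filtering gateway. The function names and the sample TPDUs are constructed for illustration.

```python
# Added example: flag SMS-DELIVER TPDUs that a handset forwards to the SIM.
# Header layout per 3GPP TS 23.040. All sample TPDUs below are constructed.

SIM_DATA_DOWNLOAD_PID = 0x7F  # TP-PID value "(U)SIM Data download"


def message_class(dcs):
    """Return the message class (0-3) encoded in TP-DCS, or None if absent."""
    if (dcs & 0x80) == 0:              # general data coding groups 00xx / 01xx
        return dcs & 0x03 if dcs & 0x10 else None
    if (dcs & 0xF0) == 0xF0:           # "data coding / message class" group
        return dcs & 0x03
    return None


def parse_sms_deliver(tpdu_hex):
    """Extract the header fields this check needs from an SMS-DELIVER TPDU."""
    b = bytes.fromhex(tpdu_hex)
    if len(b) < 2 or (b[0] & 0x03) != 0x00:   # TP-MTI 00 = SMS-DELIVER
        raise ValueError("not an SMS-DELIVER TPDU")
    oa_digits = b[1]                          # TP-OA length in semi-octets
    pos = 2 + 1 + (oa_digits + 1) // 2        # skip type-of-address + digits
    if len(b) < pos + 2 + 7 + 1:              # PID, DCS, 7-octet SCTS, UDL
        raise ValueError("truncated TPDU")
    return {"udhi": bool(b[0] & 0x40), "pid": b[pos],
            "dcs": b[pos + 1], "udl": b[pos + 9]}


def is_sim_directed(tpdu_hex):
    """True if the handset would pass this message to the SIM silently."""
    f = parse_sms_deliver(tpdu_hex)
    return f["pid"] == SIM_DATA_DOWNLOAD_PID and message_class(f["dcs"]) == 2


# Constructed samples: same sender and timestamp, different PID/DCS.
HEADER_OA = "0B911032547698F0"
SCTS = "91900110000000"
ORDINARY_TEXT = "04" + HEADER_OA + "0000" + SCTS + "02" + "E834"
FLASH_TEXT = "04" + HEADER_OA + "0010" + SCTS + "02" + "E834"
SIM_DOWNLOAD = "44" + HEADER_OA + "7FF6" + SCTS + "04" + "00000000"  # filler

if __name__ == "__main__":
    for name, tpdu in [("ordinary", ORDINARY_TEXT), ("flash", FLASH_TEXT),
                       ("sim-download", SIM_DOWNLOAD)]:
        print(name, "ALERT" if is_sim_directed(tpdu) else "ok")
```
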