Wibattack: Another SMS attack on the SIM card

Wibattack works similar to the middle of September by the security company Adaptive Mobile published malicious software Simjacker. Here, too, an SMS sends malware to the SIM card and from there information is read from the mobile phone and sent to the attacker via SMS – all without the user noticing anything. The Security company Ginno Security Lab wants to have discovered the vulnerability in 2015, together with Simjacker (which they called S @ Tattack). At first that had Online magazine Zdnet reports, Even with Wibattack users can be tracked, however, unlike Simjacker so far no attacks have become known.

Job market

  1. MTU Friedrichshafen GmbH, Friedrichshafen
  2. Haufe Group, Hanover

For the attacks to be carried out, special software must be available on the SIM card. In the case of the Simjackers this is the S @ T Browser, at Wibattack the Wireless Internet Browser (WIB). Both are a Java application, which are loaded by the telecommunications companies on the SIM card. The programs allow the management of the SIM card remotely, even premium SMS services are possible.

The Wibattack allows an attacker to use prepared SMS messages to be sent to a mobile phone, execute a series of commands on their SIM card, and retrieve data from the mobile phone or trigger certain actions. For example, you can read out the location, start a call or send a text message. Even an Internet browser can be opened with a transmitted URL and thereby download malicious software, for example. In addition, it is possible to play a sound or display a text on the display of the mobile phone, explains the Ginno Security Lab. Read data can be sent back to the attacker via SMS. The attacks are possible without user interaction.

With Simtester you can test SIM cards

With the Desktop Software Simtester The security company Security Research Labs allows SIM cards to be tested on the S @ T browser and the Wireless Internet Browser. But even if the two browsers are present, that does not automatically mean that the devices are also vulnerable, writes the security company, Telecommunications providers could simply block or filter out the prepared SMS. The security researchers recommend the telecommunications companies to set up such filters and also to delete the software from the SIM cards.

The company also develops the app Snoopsnitch, with which such attacks can be seen – assuming a rooted Android smartphone with Qualcomm chip. The software also verifies that all Android security patches have been installed.

Security Research Labs have reviewed 800 SIM cards, of which about 6 percent were vulnerable to the malicious software Simjacker, 9.4 percent have included the S @ T browser, the company said in a blog entry. Another 3.5 percent were vulnerable to the Wibattack. In addition, there had been a few reports of Simjacker attacks by the Snoopsnitch community.

Attacks unlikely

That users have a vulnerable SIM card, but rather unlikely. Besides the S @ T Browser or the Wireless Internet Browser, the Minimum Security Level (MSL) should also be activated and the prepared SMS should not be blocked by the telecommunications provider.

The local mobile telecom providers Telekom, Vodafone and Telefónica declared on request of not to use the S @ T Browser on German SIM cards. "At Vodafone Germany the Wireless Internet Browser is not used", explains Tanja Vogt, spokeswoman for Vodafone Germany. The Swiss Swisscom and the Austrian mobile phone provider Drei are not using either the S @ T Browser or the Wireless Internet Browser, as the companies confirm on's request. Answers from Telekom, Telefónica and the Austrian A1 were not available until the editorial deadline.