The vulnerability might be used to trace a tool’s location, level customers to phishing web sites and rack up charges on calls to toll numbers, amongst different tips. Ginno has briefed the GSM Association on WIBattack, though it isn’t clear what if something the business physique is doing to handle the problem.
It’s not sure simply how many individuals are really susceptible. While Ginno warns that “hundreds of millions” of telephones with WIB-capable SIM playing cards is likely to be in danger, ZDNet obtained an SRLabs report suggesting the actual variety of potential victims is likely to be significantly decrease. Out of 800 examined playing cards, solely 10.7 % had WIB put in, and 3.5 % of them have been susceptible to a Simjacker-like attack.
There’s additionally the query of whether or not or not this could be the best methodology for would-be attackers. It could also be simpler to attempt SIM hijacking (which can merely contain less-than-scrupulous service workers) or an SS7 exploit. Still, that is one other vital flaw which may be tough to utterly remove till networks and customers improve to safer SIMs.