Ginno Security Lab: visit https://ginnoslab.org for more detail.
Detail Article: https://ginnoslab.org/2019/09/23/stat...

#S@Tattack: Vulnerability in S@T sim-browser can let attackers globally take control of hundreds of millions of the victim mobile phones worldwide to make a phone call, send SMS to any phone numbers, send victim’s location, launch WAP browser, etc.

Pivi (Security Researcher)â€" Ginno Security Lab

We researched security in simcard and discovered the vulnerability in both S@T simcard-browser and WIB simcard-browser that cause serious harm to hundreds of millions of telecom subscribers worldwide in 2015, and it has not ever been published yet.

By sending a malicious SMS to victim phone number, attacker can abuse the vulnerabilities in the S@T sim browser to remotely take control of the victim mobile phone to perform harmful actions such as: send sms, make phone call, get victim’s location, launch other browsers (e.g WAP browser), get victim’s IMEI, etc.

The affection of the vulnerability in S@T spreads worldwide and puts hundreds of millions of telecom subscribers worldwide at risk. The security vulnerability comes from sim card, depends neither on mobile phone devices nor on mobile phone Operating System, so every mobile phone is affected.

We are always willing to help about counter-measures.