The flaw in both S@T and WIB Browsers can be exploited to perform several tasks on a targeted device just by sending an SMS containing a specific type of spyware-like code.
- Retrieving targeted device’ location and IMEI information,
- Sending fake messages on behalf of victims,
- Distributing malware by launching victim’s phone browser and forcing it to open a malicious web page,
- Performing premium-rate scams by dialing premium-rate numbers,
- Spying on victims’ surroundings by instructing the device to call the attacker’s phone number,
- Performing denial of service attacks by disabling the SIM card, and
- Retrieving other information like language, radio type, battery level, etc.
Read more about it here: https://thehackernews.com/2019/09/dynamic-sim-toolkit-vulnerability.html