SIM swappers hijacking phone numbers in eSIM attacks

March 14, 2024 at 03:01PM

SIM swappers have developed new tactics targeting eSIM technology, enabling them to hijack phone numbers and gain unauthorized access to bank accounts. By remotely reprogramming eSIMs, they can transfer a victim’s number to their own device, bypassing security measures. To protect against this, experts recommend using strong passwords and two-factor authentication, particularly for sensitive accounts.

Meeting Takeaways:

1. SIM swappers have evolved their attacks to target eSIM cards, which can be remotely reprogrammed and provisioned. This allows them to hijack a victim’s phone number and access various online services, including banks and messengers.

2. Russian cybersecurity firm F.A.C.C.T. reports that since the fall of 2023, there have been over a hundred attempts to access the personal accounts of clients at a financial organization through eSIM-swapping attacks.

3. Attackers take over the user’s account on the service provider’s platform or app, initiate the procedure of porting the victim’s number to another device, and generate a QR code to activate a new eSIM, essentially hijacking the victim’s number.

4. The attackers can gain access to SIM-linked accounts in various messenger apps, enabling them to scam other people by posing as the victim and tricking them into sending money.

5. To defend against eSIM-swapping attacks, researchers recommend using complex and unique passwords for the cellular service provider account, enabling two-factor authentication, and considering the use of physical keys or authenticator apps for more valuable accounts such as e-banking and cryptocurrency wallets.
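The sequence in takeaway 3 (account login, number transfer request, eSIM QR code issued) can be flagged on the provider side when it comes from a device the account has only just started using. The following detection sketch is an added example, not code from the article or from F.A.C.C.T.; the log schema, event names, sample events and thresholds are all assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

TRUST_AGE = timedelta(days=7)    # assumed: device must be known this long to be trusted
WINDOW = timedelta(minutes=30)   # assumed: max gap between transfer request and QR issuance

# Constructed sample events from a hypothetical carrier self-service portal log.
EVENTS = [
    {"ts": "2024-03-01T10:00:00", "account": "alice", "device": "dev-A", "type": "login"},
    {"ts": "2024-03-02T02:11:00", "account": "alice", "device": "dev-X", "type": "login"},
    {"ts": "2024-03-02T02:13:00", "account": "alice", "device": "dev-X", "type": "esim_transfer_request"},
    {"ts": "2024-03-02T02:14:00", "account": "alice", "device": "dev-X", "type": "esim_qr_generated"},
    {"ts": "2024-03-03T09:00:00", "account": "bob", "device": "dev-B", "type": "login"},
    {"ts": "2024-03-20T09:02:00", "account": "bob", "device": "dev-B", "type": "esim_transfer_request"},
    {"ts": "2024-03-20T09:03:00", "account": "bob", "device": "dev-B", "type": "esim_qr_generated"},
]

def find_suspicious_esim_issuance(events):
    """Return (account, device, ts) for eSIM QR codes issued from a recently seen device."""
    first_seen = {}  # (account, device) -> first time this device touched the account
    pending = {}     # (account, device) -> time of the latest transfer request
    alerts = []
    # ISO 8601 timestamps in one format sort correctly as strings.
    for ev in sorted(events, key=lambda e: e["ts"]):
        ts = datetime.fromisoformat(ev["ts"])
        key = (ev["account"], ev["device"])
        first_seen.setdefault(key, ts)
        if ev["type"] == "esim_transfer_request":
            pending[key] = ts
        elif ev["type"] == "esim_qr_generated":
            requested = pending.pop(key, None)
            device_is_new = ts - first_seen[key] < TRUST_AGE
            # Alert only when the full request -> QR chain ran quickly on a new device.
            if requested is not None and ts - requested <= WINDOW and device_is_new:
                alerts.append((ev["account"], ev["device"], ev["ts"]))
    return alerts

if __name__ == "__main__":
    for account, device, ts in find_suspicious_esim_issuance(EVENTS):
        print(f"hold eSIM activation and require step-up verification: {account} {device} {ts}")
```

An alert here is a signal to delay activation and verify the subscriber out of band; a bank could apply the same idea by distrusting SMS codes for a number whose SIM changed recently.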
