Report: SIM swappers exploit eSIM vulnerabilities to hijack phone numbers
-
According to BleepingComputer, SIM swappers have adapted their techniques to steal phone numbers by transferring them onto new eSIM cards.
These eSIMs, embedded in mobile device chips, function like physical SIM cards but offer remote reprogramming capabilities.
Exploiting eSIMs by Cybercriminals
Embedded Subscriber Identity Modules (eSIMs) function similarly to physical SIM cards but are digitally stored on mobile device chips. They can be reprogrammed remotely and facilitate various functionalities such as activation and deactivation through QR code scans provided by service providers.
The report also highlights a surge in eSIM exploitation by SIM swappers worldwide, as noted by F.A.C.C.T., a Russian cybersecurity firm. By exploiting eSIM functionalities, criminals circumvent security measures to take control of phone numbers, resulting in unauthorized access to sensitive accounts.
Attackers’ Approach
Instead of relying on social engineering or insider assistance, attackers exploit vulnerabilities in mobile accounts using stolen credentials. They initiate number porting to a new device by generating QR codes within hijacked accounts, effectively seizing control of the victim’s number.
Protective Measures
Furthermore, once cybercriminals obtain the victim’s number, they exploit it for fraudulent activities, including accessing banking services and messenger apps.
To mitigate these risks, users should use strong passwords, enable two-factor authentication, and consider additional security measures like physical keys or authenticator apps for critical accounts.
In summary, the emergence of eSIM technology has inadvertently provided SIM swappers with new opportunities for exploitation. As cyber threats evolve, users must remain vigilant and implement robust security practices to protect their digital assets and personal information. -