The regular SIM card that is installed in our phones can actually pose a serious security risk. It turns out that this piece of plastic with a microcircuit is susceptible to hacking, but it is in the user’s power to protect himself, his data and his smartphone.
♥ BY THEME: Why am I connected to Wi-Fi but no internet?
And with new online threats popping up every day, we need to be aware of more security holes. For example, you probably already know that your smartphone’s operating system needs regular updates. This is the only way to prevent threats. It should be understood that a SIM card can also be a source of vulnerability in the built-in security system. In this article, we will tell you how attackers can use your SIM card to access various services and data, as well as give advice on security measures in this area.
♥ BY THEME: Locked iPhone: what is it, how to check and can it be unlocked?
In September 2019, security researchers at AdaptiveMobile Security announced that they had discovered a new vulnerability. She was named Simjacker. This sophisticated attack targets SIM cards. A piece of spyware-like code is sent to the target device via SMS.
If the user opens such a message, the code will be activated and hackers will be able to spy on calls and messages from this phone, as well as track its location.
The vulnerability works through software called S @ T Browser, which is part of the SIM Toolkit (STK). Many telephone operators use it on their SIM cards. SIMalliance Toolbox Browser is a way to access the Internet. Basically, it is a basic web browser that allows service providers to interact with web applications such as email.
However, today most people use browsers such as Chrome or Firefox on their devices, the S @ T browser is rarely in demand. However, specialized software is still installed on a large number of devices, making them vulnerable to the Simjacker attack.
Researchers believe that this attack was used in many countries. It is stated that the S @ T protocol “is used by mobile operators in at least 30 countries with a combined population of more than a billion people.” These are mainly the Middle East, Asia, North Africa and Eastern Europe.
The experts concluded that the exploit was developed and used by a specific private company. She worked with the authorities of different countries to monitor certain demographic groups such as journalists and activists.
All types of phones are affected, including iPhones and Android devices. Simjacker even works with embedded SIM (eSIM) cards.
♥ BY THEME: SOS: what does it mean?
SIM card re-issue
Another SIM security issue that you may have heard of is SIM re-issue. For example, hackers used a variation of this technique to hijack the personal Twitter account of the same company’s CEO Jack Dorsey in August 2019. Thanks to this event, many became aware of the potential destructive power of such attacks. And this method uses gimmicks and human engineering, not technical vulnerabilities.
To reissue the SIM, the hacker will first call your carrier. Attackers will pretend to be you and ask you to replace the SIM card. For example, hackers will say they want to migrate to a new device and therefore need a new SIM card. If successful, the phone operator will send them a SIM card.
This way, attackers can steal your phone number and associate it with their device. And all this without removing the SIM card from your device!
As a result of the action, two effects will appear. First, your original SIM card will be deactivated and stop working. And secondly, the hacker will now have control over phone calls, messages and two-factor authentication requests sent to your phone number. This means that third parties will now have enough information to access your accounts, which will block your access to various services.
It is difficult to defend against SIM card reissue because this attack is related to social engineering. The hacker will have to convince the support employee of who the caller is. Once they get your SIM card, attackers will be able to control your phone number. Unfortunately, you may not even know you are being targeted until it’s too late.
♥ BY THEME: How to visually change the e-mail address in Gmail, but continue to receive letters to it: 3 ways.
Cloning a SIM card
Often times people try to combine SIM card reissue and SIM cloning in the same case. However, cloning a SIM card is more practical than the other option.
In a SIM cloning attack, the hacker first gains physical access to your SIM and then creates a copy of the original.
Naturally, in order to copy your SIM card, attackers will first physically remove your SIM card from the smartphone. Then the dedicated smart card copying software comes into play, it will copy the unique identification number assigned to your SIM card and transfer it to a blank SIM card.
After that, a new cloned SIM card will be inserted into the attacker’s smartphone. Once this process is complete, consider that your unique SIM card identification information has all but disappeared.
Now a hacker will be able to track all messages sent to your phone – just like when a SIM is reissued. This means that outsiders will gain access to your two-factor authentication codes, allowing them to hack your social media accounts, email addresses, card and bank accounts, and more.
Hackers can also use your stolen SIM card for fraudulent purposes when they need to provide a unique phone number somewhere.
♥ BY THEME: How long does it take for Google to delete my account if I don’t use Gmail, YouTube, etc.?
How to keep your SIM card safe?
If you want to protect your SIM card from such attacks, fortunately, there are some precautions you can take.
Protection against attacks provoked by social networks
To protect against SIM swapping, make it difficult for hackers to find information about you. Attackers will try to use data they find about you on the Internet, such as the names of friends and family members or your address. This information will help you convince the customer service representative of who the caller is.
Try to block this information by setting access only for friends in your Vkontakte or Facebook profile and restricting the publicly available information that you share on other sites. Also, remember to delete old accounts that you no longer use so that they don’t become a target of a hack.
Another way to protect yourself from SIM reissue is to watch out for phishing. Hackers may try to trick you into obtaining additional information in order to use it to copy your SIM card. Watch out for suspicious emails or login pages. Be careful when entering login information for any account you use.
Finally, think about which two-factor authentication methods you are using. Some two-factor authentication services send an SMS message with a special code to your device. This means that if your SIM is compromised, hackers will gain access to your accounts, even if you have two-factor authentication enabled.
Instead, use another authentication method, such as the Google Authentication app. This way, authentication becomes tied to your device and not to your phone number, making it more secure against SIM re-issue attacks.
♥ BY THEME: TOP-20 worst passwords on the iPhone, with the help of which 25% of all Apple smartphones are hacked + Poll.
Set up SIM card lock
To protect against SIM attacks, you should also ensure that some protection measures are activated on your SIM card. The most important and simplest security measure you can implement is adding a PIN. Thus, if someone wants to make changes to your SIM card, they will need to enter a secret PIN.
But before setting up such a SIM card lock, make sure you know the PIN code provided to you by your network operator. To set it up, on your Android device, go something like this: Settings → Lock screen and security → Other security settings → Set up SIM card lock or Settings → Passwords and security → <Оператор> → Blocking SIM-cards… Here you can activate the SIM card lock slider.
On iPhone, go to Settings → cellular → SIM PIN… Then enter your existing PIN for confirmation, press Done and the SIM card lock will be activated.
♥ BY THEME: Can an iPhone be hacked?
Other safety tips
As always, you should use strong and individually generated passwords. Do not reuse old passwords or use the same password for multiple accounts.
Also, make sure that your answers to password recovery questions are not publicly available, for example, it is not your mother’s maiden name, which is a classic.
♥ BY THEME: Should the number be pasted on the back of a bank card if sometimes you have to hand it over to the seller?
Protect your device from SIM attacks
Mobile attacks are becoming more sophisticated. But there are available remedies against these types of attacks, such as keeping your personal information private and setting up a SIM card lock.
However, in general, phones are becoming more secure than before, and you can always check if your phone has been jailbroken. And the security features at your disposal help you protect yourself from malicious acts by third parties.