SIM Swappers Are Exploiting eSIM Vulnerabilities for Financial Frauds: Report
SIM swappers are reportedly using stolen and leaked phone account credentials to port the victim’s number.
Advertisement
Highlights
- As per the report, the incidents of SIM swapping have increased globally
- Hackers are said to breach eSIM security to port a number to their device
- eSIM users can use 2FA and authenticator apps to improve security
Hackers are reportedly porting numbers to access victim’s online banking services to steal their money
Photo Credit: Unsplash/ Brett Jordan
SIM swapping crimes are on the rise globally, according to a new report. These crimes are primarily committed using eSIM (Embedded Subscriber Identity Modules) users. eSIMs are digitally stored SIM cards which are embedded into a device using a software. Hackers are now reportedly exploiting vulnerabilities within this technology to brute force into the victim's phone account to port the number to their own device. The findings also revealed that the bad actors are mainly interested in victim's online banking accounts and other financial services.
The information comes from the Russian cybersecurity firm FACCT, a spin-off of Group IB. In its report, it highlighted that it has recorded “more than a hundred attempts to enter clients' personal accounts in online services from just one financial organisation.” It also stated that cybercriminals have been using this method globally for at least a year.
Modus operandi of the cybercrime is straightforward. Earlier, the criminals would deploy social engineering strategies or use insiders at telecom companies to illegally port numbers to their devices. However, the report states that now the hackers have resorted to exploiting the vulnerabilities within eSIM. While it did not explain the technicalities, the process includes accessing the phone account credentials of a victim by either stealing them, getting access to leaked details through data breach incidents, or brute-forcing their way into the victim's account.
Once the SIM swappers gain the credentials, they generate QR codes through the hijacked phone account which can be used to port the device directly, circumventing the usual procedure. The report also added that the criminals were only focused on committing financial fraud by accessing the victim's online banking accounts, crypto wallets, and more.
Advertisement
“Having gained access to the victim's mobile phone number, cybercriminals can obtain access codes, two-factor authentication for various services, including banks, instant messengers, which opens up a lot of opportunities for attackers to implement criminal schemes,” said Dmitry Dudkov, Fraud Protection Department Specialist at FACCT.
FACCT also urged eSIM users to improve the security of their phone account by using two-factor authentication and keeping a complex password which includes a randomised alphanumeric series and special characters. For added security, users can opt for authenticator apps.
Is the Samsung Galaxy Z Flip 5 the best foldable phone you can buy in India right now? We discuss the company's new clamshell-style foldable handset on the latest episode of Orbital, the Gadgets 360 podcast. Orbital is available on Spotify, Gaana, JioSaavn, Google Podcasts, Apple Podcasts, Amazon Music and wherever you get your podcasts.
Affiliate links may be automatically generated - see our ethics statement for details.
For the latest tech news and reviews, follow Gadgets 360 on X, Facebook, WhatsApp, Threads and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel. If you want to know everything about top influencers, follow our in-house Who'sThat360 on Instagram and YouTube.
Advertisement