BleepingComputer reports that F.A.C.C.T., a Russian cybersecurity company, has warned that SIM swappers are exploiting eSIM technology to steal phone numbers and bypass security protections. Since autumn 2023, the firm has identified more than a hundred attempts to access personal accounts at a single financial institution, signaling an escalating threat.

eSIMs are digital SIM cards stored on mobile device chips that offer the same functionality as physical SIM cards, but with the added advantage of remote reprogramming. Users can add an eSIM to their device by scanning a QR code provided by their service provider. This technology has become popular among smartphone manufacturers as it eliminates the need for a physical SIM card slot and enables cellular connectivity on small wearables.

Cybercriminals adapt to exploit eSIM vulnerabilities

SIM swappers have adapted their attacks to exploit eSIM technology. Since fall 2023, F.A.C.C.T.’s Fraud Protection analysts have recorded over a hundred attempts to access personal accounts of clients in online services at one financial organisation. Attackers breach users’ mobile accounts using stolen, brute-forced, or leaked credentials and initiate the porting of victims’ numbers to their own devices by generating QR codes through the hijacked accounts. This process effectively hijacks the victim’s phone number while deactivating the legitimate owner’s eSIM or physical SIM card.

Once criminals gain access to a victim’s mobile phone number, they can obtain access codes and two-factor authentication codes for various services, including banks and messaging apps. Cybercriminals can also use the stolen phone numbers to access SIM-linked accounts in various messenger apps, enabling them to impersonate the victim and trick others into sending money.
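The sequence described above, a compromised mobile account followed by QR code generation for a new eSIM, can be looked for in an operator's account event log. The following Python is an added example, not code from F.A.C.C.T. or the original article; the event schema, event names, thresholds and sample events are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed tuning values, not taken from the article.
FAIL_THRESHOLD = 5                    # failed logins that count as a burst
FAIL_WINDOW = timedelta(minutes=10)   # look-back before a successful login
ISSUE_WINDOW = timedelta(minutes=30)  # login-to-eSIM-issuance gap of interest

# Constructed events: (timestamp, account, source IP, event). Hypothetical schema.
SAMPLE_EVENTS = (
    [("2024-02-20T08:00:00", "acct-1001", "198.51.100.10", "login_ok")]
    + [(f"2024-03-01T10:0{m}:00", "acct-1001", "203.0.113.7", "login_failed")
       for m in range(5)]
    + [("2024-03-01T10:05:00", "acct-1001", "203.0.113.7", "login_ok"),
       ("2024-03-01T10:09:00", "acct-1001", "203.0.113.7", "esim_qr_issued"),
       # Ordinary device change: known IP, no failed logins beforehand.
       ("2024-02-10T09:00:00", "acct-2002", "198.51.100.20", "login_ok"),
       ("2024-03-02T09:00:00", "acct-2002", "198.51.100.20", "login_ok"),
       ("2024-03-02T09:10:00", "acct-2002", "198.51.100.20", "esim_qr_issued")]
)

def find_suspicious_esim_issuance(events):
    """Flag eSIM QR issuance that closely follows a risky login on the account."""
    fails = defaultdict(list)     # account -> failed-login timestamps
    known_ips = defaultdict(set)  # account -> IPs seen on earlier successful logins
    last_login = {}               # account -> (timestamp, risk reasons)
    alerts = []
    for ts, acct, ip, kind in sorted(events):  # ISO timestamps sort chronologically
        t = datetime.fromisoformat(ts)
        if kind == "login_failed":
            fails[acct].append(t)
        elif kind == "login_ok":
            reasons = []
            recent = [f for f in fails[acct] if t - f <= FAIL_WINDOW]
            if len(recent) >= FAIL_THRESHOLD:
                reasons.append("failed_login_burst")
            # Only call an IP new when the account already has a baseline.
            if known_ips[acct] and ip not in known_ips[acct]:
                reasons.append("new_ip")
            known_ips[acct].add(ip)
            fails[acct].clear()
            last_login[acct] = (t, reasons)
        elif kind == "esim_qr_issued" and acct in last_login:
            login_t, reasons = last_login[acct]
            if reasons and t - login_t <= ISSUE_WINDOW:
                alerts.append({"account": acct, "issued_at": ts, "reasons": reasons})
    return alerts
```

An alert here is a reason to hold the eSIM issuance for step-up verification, since the same pattern can occasionally come from a legitimate user who forgot a password while travelling.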

Protecting against eSIM-swapping attacks

To defend against eSIM-swapping attacks, researchers recommend using complex and unique passwords for cellular service provider accounts and enabling two-factor authentication when available. For high-value accounts, such as e-banking and cryptocurrency wallets, users should consider additional security measures like physical keys or authenticator apps.

The rise of eSIM technology has inadvertently provided SIM swappers with new avenues for exploitation. It is crucial for both individuals and organisations to stay informed about emerging risks and take proactive steps to mitigate them. BleepingComputer’s report on F.A.C.C.T.’s findings serves as a wake-up call for users to prioritize the security of their mobile accounts and highlights the importance of staying ahead of cybercriminals’ ever-changing tactics.

  • Published On Mar 18, 2024 at 03:15 PM IST