You probably know that your smartphone’s operating system should be updated regularly to protect it against security breach. But your SIM card can also have vulnerabilities. In this article, you will see how hackers can use SIM cards to gain access to devices and what you should do to keep your SIM card safe .
Sim card hacking news are not uncommon. In September 2019, security researchers at AdaptiveMobile Security announced that they had discovered a new security vulnerability that they coined Simjacker . This complex attack targets SIM cards . It does this by sending a spyware-like piece of code to a target device via an SMS message.
The vulnerability works by using a software called ST Browser (SIMalliance Toolbox Browser) , which is part of the SIM Application Toolkit (STK) that many telephone operators use on their SIM cards. The ST Browser is basically a web browser which allows service providers to interact with web applications such as email apps.
Now that most people use a browser like Chrome or Firefox on their device, the ST browser is rarely used. The software however is still installed on a large number of devices, leaving them vulnerable to the Simjacker attack.
Researchers believe that this attack has been used in several countries in the last two years, specifying that the ST protocol ” is used by mobile operators in at least 30 countries whose cumulative population totals more than one billion people “, mainly in the Middle East, Asia, North Africa and Eastern Europe.
They also believe that this was developed and used by a specific private company, which is working with various governments to monitor specific groups of people. Currently, between 100 and 150 people are targeted by this attack every day .
As the attack works on SIM cards, all types of phones are vulnerable, including iPhone and Android devices.
Another SIM card security issue you may have heard of is SIM card swapping . Hackers used a variation of this technique to take over Jack Dorsey’s (Twitter CEO) personal Twitter account in August 2019. This event raised awareness of how these attacks can be destructive. The relatively simple technique uses tricks and human social engineering rather than technical vulnerabilities.
Image credits: offgridweb | SIM Swap
To perform a SIM card swap , a hacker will first call your phone provider. They will pretend to be you and ask for a replacement SIM card. They will say they want to upgrade to a new device and therefore need a new SIM. If they are successful, the phone provider will send them the SIM. They now have your hacked sim card.
They can then steal your phone number and link it to their own device.
This has two effects. First of all, your real SIM card will be deactivated by your provider and it will stop working. Second, the hacker now has control over phone calls, messages, and two-factor authentication requests that are sent to your phone number. This means they could have enough information to access your bank accounts, email, social media, and more.
The SIM swapping is difficult to protect. This is because hackers can convince a customer service agent that they are you. Once they have your SIM, they have control over your phone number, and you may not even know that you are a target until it’s too late.
To protect your SIM card against the above mentioned attacks, there are some steps you should take.
To protect against SIM card swaps, you need to make it harder for hackers to find information about you. Hackers will use the data they find about you online, such as the names of friends and family or your address. This information will make it easier to convince a customer service agent that they are you.
Try to block this information by setting your Facebook profile for friends only and limiting the public information you share on other sites. Also, remember to delete old accounts that you no longer use to prevent them from being the target of a hack.
Another way to protect yourself against SIM card swaps is to be aware of phishing . Hackers are able to spoof your identity to get more information that they can use to copy your SIM. Be on the lookout for suspicious emails or login pages. Be careful when entering your login details for whatever account you use.
Finally, consider what kind of two-factor authentication methods you use. Some two-factor authentication services will send an SMS message to your device with an authentication code. This means that if your SIM is compromised, hackers can access your accounts even if you have two-factor authentication enabled.
Instead, use another authentication method, such as the Google Authentication app. In this way, authentication is linked to your device, not your phone number, which makes it more secure against SIM card swap attacks .
SET A SIM CARD LOCK
You must also configure some protections on your SIM card. The most important security measure you can implement is adding a PIN code to your SIM card . In this way, if someone wants to make changes to your SIM card, they need to enter a PIN code.
Before setting up a SIM card lock, you should make sure you know the SIM Card PIN number that your network provider sent you. To configure it, on an Android device, go to Settings> Lock screen and security> Other security settings> Set up SIM card lock. Then you can enable the slider to get your SIM card locked.
As always, you should use strong, individually generated passwords. Don’t reuse old passwords or use the same password on multiple accounts.
Also, make sure that your answers to the password recovery questions are not publicly available, such as your mother’s maiden name.
Attacks on mobile devices are becoming more and more sophisticated. Simjacker and SIM swap attack both target SIM cards, but they do it in different ways. Simjacker is a technical attack that exploits vulnerabilities in the software used by telephone companies. SIM swap attacks use social engineering to obtain a copy of your SIM card.
There are protections against these types of attacks, such as keeping your personal information secret and setting a SIM card lock.
That being said, phones are getting more secure than they used to be …
If you like the content, we would appreciate your support by buying us a coffee. Thank you so much for your visit and support.