Hackers Rob Thousands by Kidnapping SIM Cards

Our smartphones have turned into a fundamental part of our lives: we communicate with them, use them to look up information, and on them save invaluable moments of our lives.  These tools store lots of personal information about each one of us, and we often aren’t conscious of the importance that this fact implies. What can we learn about our SIM card security?

What information can be extracted?

Cybercriminals use various methods to rob personal information.  One way that has become very common in recent weeks is a SIM card security hack. The SIM is a small chip that we buy in telecommunication companies in order to open a telephone line and data plan.  Although it seems insignificant, this card stores your contacts, photos, and videos, and the country in which you live– sometimes even your banking information. 

How can a SIM card be attacked?

According to BBC, there are 2 attack methods against SIM chips: “swapping” and “hijacking.” Both terms were coined by Joel Ortiz, a young 20-year-old who was detained in July for having hacked 20 smartphones. Thanks to these techniques, he was able to rob the equivalent of $5 million in crypto coins. 

In an interview for the technology website, Digital Trends, Emma Mohan-Satta of Kaspersky Labs stated that “SIM swapping” is a type of identity theft that exploits these cards’ biggest vulnerability: it works on any platform or device. 

According to the company, ESET, cybercriminals use social engineering to get information and unlimited access to devices. In this case, hackers have previous information about the victim, possibly obtained through false emails promising gifts. Then, they call the mobile service provider to take over the real user’s identity. Hackers pretend that they’ve lost their SIM card and ask for a replacement. If they successfully trick the operator, they will have total control of the telephone number. With that, hackers can receive SMS messages with codes to access accounts. For example, banks send a security code to your smartphone to access or change an account.  Meanwhile, smartphone users don’t understand why they can’t use their phones. 

The second method, “SIM hijacking” is more complex. This is due to the fact that a malicious code with spyware is sent through a text message. It hopes that those who receive the SMS open it, and thus cyber criminals may access user information in real-time. They can then spy on all calls, messages, and geo-locations of their victims.  

Hackers take advantage of the SIM card software’s vulnerability to gain access. The chip features a navigation tool so that users can browse the internet.  The application isn’t often used due to its simplicity; only a few phone companies put in their own navigator, as an option to offer their clients discounts and subscriptions. But it’s common that their users choose other options like Chrome or Firefox. The dangerous thing is that hackers can use the browser as an access point, even if the application isn’t used. 

How to protect yourself against these threats?

The easiest thing to do is to avoid sharing private information on social networks and the internet. You can activate alarms in your banking apps in case of strange activity, or ask your phone company not to allow a change of SIM card over a phone call. 

Andrew Blaich, a security researcher at Lookout, started for Digital Trend that “users can protect themselves by using services that do not use text or SMS messages for their passwords. Instead, they can use apps like Google Authenticator and another number of applications that provide a similar service, since these SMS messages aren’t encrypted.”