eSIM Vulnerabilities: SIM Swappers Exploit Flaws, Hijack Phone Numbers

According to a new report, SIM-swapping crimes are rising worldwide, mainly committed by eSIM (Embedded Subscriber Identity Modules) users. eSIMs are digitally stored SIM cards that are embedded using software into devices. As a result, hackers are now attempting to exploit vulnerabilities within this software to brute force their way into victims’ phone accounts to port their mobile numbers to their own devices through brute force. 

A study also indicated that bad actors are primarily interested in victims’ online banking accounts and other financial services, which explains why embedded Subscriber Identity Modules (eSIMs) function similarly to physical SIM cards. Still, they are digitally stored on mobile device chips and are similar to physical SIM cards. 

By scanning QR codes provided by service providers, these devices can be remotely reprogrammed and can also be activated and deactivated with various functionalities.

In addition, according to this report, F.A.C.C.T., a Russian cybersecurity company, notes that SIM swappers are exploiting eSIM systems with a surge in exploitation. 

Criminals can manipulate eSIM functionalities to gain control of phone numbers, allowing them to gain unauthorized access to sensitive accounts by bypassing security measures. As opposed to social engineering and insider assistance, attackers have switched tactics to exploit vulnerabilities in mobile accounts by using stolen credentials instead of social engineering and insider assistance. 

As a result, they can gain control of the victim’s phone number by generating QR codes within compromised accounts that are used to facilitate number porting, which is a method of gaining access to their compromised accounts. SIM swappers have previously relied on social engineering or insider assistance from mobile carriers to port the number of a target.

Cybercriminals, however, have turned their attention to emerging opportunities in new technologies as companies have implemented more protections to thwart these takeovers in the past few years.

It has now become common for attackers to breach a victim’s mobile account using stolen credentials, brute-forced credentials, or leaked credentials and then start porting the victim’s number to another device without their help. 

Essentially, hijackers can activate a new eSIM through the hijacked mobile account by generating a QR code through the hijacked mobile account and scanning it with their device. At the same time, the legitimate owner’s eSIM/SIM is deactivated, thus hijacking the number. 

Additionally, attackers who port their SIM numbers to their devices gain access to SIM-linked accounts in various messaging apps, which opens up more opportunities for them to scam other people, such as posing as the victim and tricking them into sending money, with additional advantages. 

Researchers recommend that cellular service providers use complex and unique passwords for their accounts and enable two-factor authentication if they can, to protect themselves from eSIM-swapping attacks.

There are several reasons why users should consider protecting their more valuable accounts with physical keys or authenticator apps, such as e-banking and cryptocurrency wallets. 

Among the security measures that users may use to mitigate such risks are to create strong passwords, to enable two-factor authentication, and to consider physical keys or authenticator apps as additional security measures. 

Thus, SIM swappers have inadvertently created new avenues for exploitation as a result of the development of eSIM technology.

Efforts must be made to protect users’ digital assets and personal information from cyber threats as cyber attacks evolve, and users must maintain vigilance by implementing robust security practices.