November 2024 - Watching Out For eSIM Swaps

For security professionals, educating the C-suite on the evolving landscape of mobile security is crucial. With the adoption of embedded SIM (eSIM) technology, mobile devices are more versatile, but they also face new vulnerabilities.

Unlike traditional SIM cards, eSIMs are integrated into devices and remotely programmable, making them a target for cybercriminal activity. Here’s a look at the recent trends and key security advice you can share with executives and board members to help protect their mobile accounts from eSIM hacking.

SIM Cards vs eSIM Cards
A SIM card is a tiny chip provided by your mobile network that links your phone to the cellular network and verifies your identity, granting you access to data services. Besides identification, it can hold data like contacts, messages, location data, and important security credentials.

In the past, SIM cards were physical chips that could be swapped between phones by simply inserting and removing them, which meant someone would need physical access to your device to tamper with it. Today, however, many phones use an eSIM, or embedded SIM, which is built into the device and cannot be physically removed.

This type of SIM makes it easy to transfer information to a new device—often just by signing in to an account, with data syncing from the cloud. While this feature is convenient, it also opens up the risk of a bad actor convincing a carrier representative to reassign a victim’s phone number to a SIM card the attacker controls.

The Growing Threat of eSIM-Related Hacks
With eSIM technology becoming more prevalent, there’s been a notable rise in eSIM hacking cases. Cybercriminals are exploiting the remote programmability of eSIMs to gain unauthorized access to mobile accounts. The risk is especially pronounced with a type of attack known as SIM swapping.

How eSIM SIM Swapping Works
SIM swapping is a technique where an attacker uses compromised or brute-forced credentials to transfer a victim’s phone number to a new eSIM.

Once this is done, the attacker can intercept the victim’s calls, texts, and, critically, multifactor authentication (MFA) codes, gaining access to personal accounts and sensitive information. This kind of attack can result in serious consequences, from unauthorized access to social media accounts to financial theft, and even data breaches affecting personal or corporate information.

Regardless of SIM, The Risk Remains the Same
While there are differences between SIM and eSIM cards, both variations carry the same underlying risk.

Both SIM and eSIM cards can be swapped. While the methods are different, both types of SIM cards can be compromised if a person does not take the proper steps to protect themselves.

And the best method to do so is to work with your mobile carrier. One method is to place a number lock on your phone number. You may be able to do this by navigating the settings within your mobile carrier account. A number lock would make it so your number could not be swapped to another SIM card without you removing the lock.

You can also request a port freeze, which is when the ability to transfer a phone number from one carrier to another is restricted.

If you go this route, know that you may have to go into a physical store and produce proof of identification to complete the task.

eSIM attacks are likely to start with the cybercriminal in question attempting to convince the carrier to move the number, which would allow them to receive all of your texts and phone calls. Be sure to harden your accounts and stay in touch with the mobile provider to ensure you are staying safe.

How to Spot an eSim Hack

• There are several indicators that someone may be a victim of an eSim hack. Here are some of the more common signals:
• The victim is experiencing login issues to mobile apps or account lockouts that they did not authorize
• The victim is receiving password reset notifications they did not request
• They notice a sudden loss of phone service or have a lengthy period of no mobile signals
• They experience unexpected financial transactions

If an executive suspects they are the victim of an eSim hack, first, advise them to contact their mobile provider as quickly as possible to begin an investigation. Additionally, security professionals should tell the executive to contact their financial organizations immediately to ensure that all of their finances are in order. Make sure they maintain a record of the interactions with both organizations in the event of future disputes.

Other Essential Security Practices to Share with Executives
As these threats evolve, it’s important to communicate proactive security measures clients can adopt to protect their mobile devices:

• Use Strong, Unique Passwords: Advise executives to use complex, unique passwords for their mobile accounts. Weak or reused passwords are an easy entry point for cybercriminals.
• Enable Multi-Factor Authentication (MFA): While multi-factor authentication is crucial, encourage executives to use app-based authenticators or hardware keys over SMS-based MFA. By using text-based MFA, you run the risk of having those messages come into the possession of bad actors should they successfully swap a SIM card.
• Monitor for Unusual Account Activity: Urge executives to regularly review their mobile account activity. Unusual signs, such as missed calls, lack of service, or unfamiliar login notifications, should be addressed immediately.
• Limit Personal Information Online: Remind executives that sharing personal information publicly increases their vulnerability. Cybercriminals often gather data from social media and public forums to guess passwords or security answers.
• Verify Any Requests for Sensitive Information: Instruct all employees to verify the legitimacy of any requests for sensitive information, whether via email, text, or phone call. Scammers often pose as service providers, and even a brief verification can prevent many attacks.

Addressing eSIM Security With Executives
With the Federal Bureau of Investigation issuing public warnings about SIM-swapping attacks, now is the time to educate all of your employees on being vigilant. In addition to adopting security practices, it’s beneficial for employees to stay informed on emerging threats and verify any requests for sensitive information. Security professionals can play a key role by staying updated on cybersecurity developments and guiding clients toward robust protective measures.

As eSIM technology continues to evolve, so will the tactics of cybercriminals. A proactive, informed approach is the best defense executives and all employees have against the risks associated with eSIM hacking.