SIM swappers hijacking phone numbers in eSIM attacks: Protect your cellular service account

Previously, SIM swappers relied on social engineering or worked with insiders at mobile carrier services to help them port a target's number. However, as companies implemented more protections to thwart these takeovers, cybercriminals turned their attention to emerging opportunities in new technologies.

Now, attackers breach a user's mobile account with stolen, brute-forced, or leaked credentials and initiate porting the victim's number to another device on their own.

They can do this by generating a QR code through the hijacked mobile account that can be used to activate a new eSIM. They then scan it with their device, essentially hijacking the number.

To defend against eSIM-swapping attacks, researchers recommend using complex and unique passwords for the cellular service provider account and enabling two-factor authentication if available.

But it also does show that banks should not be relying solely on SMS or authentication by SIM.

See https://www.bleepingcomputer.com/news/security/sim-swappers-hijacking-phone-numbers-in-esim-attacks/

#technology #esim #vulnerabilities

Discussion

As someone who was a victim of this, and who also had someone set up an account in my name at my cellphone company that I had no access to, this was a nightmare. Moving out of the country and letting go of cellular service helped.