Skip to main content

Three Ways Your SIM Card Can Be Hacked And Here is How to Protect It.

By Editor
Your SIM card is a security risk! Learn how SIM cards can be hacked and what you can do to protect your phone.



With new online threats popping up every day, you need to stay in the know on new security loopholes. And since you're reading this, you probably already know that your smartphone's operating system needs regular updating to stay safe from threats.
However, surprisingly, a SIM card can also be a source of security vulnerabilities. Here, we'll show you some ways hackers can use SIM cards to gain access to devices—along with providing advice on how to keep your SIM card safe.

1. Simjacker

In September 2019, security researchers at AdaptiveMobile Security announced they had discovered a new security vulnerability they called Simjacker. This complex attack carries out SIM card hacking by sending a piece of spyware-like code to a target device using an SMS message.



If a user opens the message, hackers can use the code to spy on their calls and messages—and even track their location.
The vulnerability works by using a piece of software called S@T Browser, which is part of the SIM Application Toolkit (STK) that many phone operators use on their SIM cards. The SIMalliance Toolbox Browser is a way of accessing the internet—essentially, it's a basic web browser that lets service providers interact with web applications like email.

However, now that most people use a browser like Chrome or Firefox on their device, the S@T Browser is rarely used. The software is still installed on many devices, though, leaving them vulnerable to the Simjacker attack.
The researchers believe this attack has been used in multiple countries, specifying that the S@T protocol is "used by mobile operators in at least 30 countries whose cumulative population adds up to over a billion people," primarily in the Middle East, Asia, North Africa, and Eastern Europe.

They also believed the exploit was developed and used by a specific private company, which was working with various governments to monitor specific demographics—such as journalists and activists.
All kinds of phones are vulnerable, including both iPhones and Android devices. Simjacker even works on embedded SIM cards (eSIMs).

2. SIM Card Swapping



Another SIM card security issue you may have heard of is SIM card swapping. Hackers used a variation of this technique to take over Twitter CEO Jack Dorsey's personal Twitter account in August 2019. This event raised awareness of how these attacks can be destructive. The technique uses trickery and social engineering, rather than technical vulnerabilities.

To perform a SIM card hacking through a SIM card swap, a hacker will first call up your phone provider. They'll pretend to be you and ask for a replacement SIM card. They'll say they want to upgrade to a new device and, therefore, need a new SIM. If they are successful, the phone provider will send them the SIM.

Then, they can steal your phone number and link it to their own device. All without removing your SIM card!
This has two effects. First, your real SIM card will get deactivated and stop working. And secondly, the hacker now has control over phone calls, messages, and two-factor authentication requests sent to your phone number. This means they could have enough information to access your accounts, and could lock you out of those too.

SIM card swapping is hard to protect against as it involves social engineering. Hackers must convince a customer support agent that they are you. Once they have your SIM, they have control over your phone number. And you may not even know you're a target until it's too late.

3. SIM Cloning

Many times, people try to put SIM swapping and SIM cloning under that same umbrella. However, SIM cloning is more hands-on than the other option.

In a SIM clone attack, the hacker first gains physical access to your SIM card and then creates a copy of the original. Naturally, for copying your SIM card, the hacker will first take out your SIM from the smartphone.
They do this with the help of a smart card copying software, which copies the unique identifier number—assigned to you on your SIM card—onto their blank SIM card.

The hacker will then insert the newly copied SIM card into their smartphone. Once this process is complete, consider your unique SIM card identity to be as good as gone.
Now, the hacker can snoop in on all the communications that are sent to your phone—just as they can in SIM swapping. This means they also have access to your two-factor authentication codes, which will let them hack into your social media accounts, email addresses, card and bank accounts, and more.

Hackers can also use your stolen SIM card identity to carry out scams where a unique phone number might be needed.

How to Keep Your SIM Card Safe

If you want to protect your SIM card against attacks like these, thankfully there are some precautions that you can take.

1. Protect Against Socially Engineered Attacks

To protect against SIM card swaps, make it hard for hackers to find information about you. Hackers will use data they find about you online, such as names of friends and family or your address. This information will make it easier to convince a customer support agent that they are you.

Try to lock down this information by setting your Facebook profile to friends-only and limiting the public information you share on other sites. Also, remember to delete old accounts you no longer use, to prevent them being the target of a hack.



Another way to protect against SIM card swaps is to be on the lookout for phishing. Hackers may try to phish out information from you that they can later use to copy your SIM. Be alert for suspicious emails or login pages. Moreover, be careful where you enter your login details for any account you use.

Finally, consider what methods of two-factor authentication you use. Some two-factor authentication services will send an SMS message to your device with an authentication code. This means that if your SIM is compromised, hackers can access your accounts even if you have two-factor authentication on.

Instead, use another authentication method like the Google Authentication app. This way, the authentication is tied to your device and not your phone number—making it more secure against SIM card swaps.

2. Set a SIM Card Lock.

To protect against SIM attacks, you should also set up some protections on your SIM card. The most important security measure you can implement is to add a PIN code. This way, if anyone wants to modify your SIM card, they need the PIN code.

Before you set up a SIM card lock, you should ensure you know the PIN given to you by your network provider. To set it up, on an Android device, go to Settings > Lock screen and security > Other security settings > Set up SIM card lock. Then, you can enable the slider for Lock SIM card.
On an iPhone, go to Settings > Cellular > SIM PIN. On an iPad, go to Settings > Mobile Data > SIM PIN. Then enter your existing PIN to confirm, and the SIM lock will be activated.

#MUO

#osutayusuf

Comments

Post a Comment

Popular posts from this blog

We Bring You Brief Series of Sanctions Against Uganda Government Officials.

By Editor
📸: Gen Abel Kandiho. On 9-December-2021, USA slapped sanctions against the then CMI Commander Gen Abel Kandiho. 📸: Gen Kale Kayihura. On 9-December-2022, UK slapped sanctions against former Police Boss Gen Kale Kayihura. 📸: Commissioner General of Prisons, Johnson Byabashaija. Again on this 4-December-2023, the same USA has slapped sanctions against Uganda Prisons Commander Johnson Byabashaija over alleged torture and human rights abuses in Prisons across Uganda. We ask, has USA and UK made December as an LCM to slap sanctions against high ranking government officials in Uganda even when the sanctions just remain on paper without deeper investigations to ascertain logical conclusions or remedy to that effect ?. #iip_updates  #Information_is_Power  #we_inform_the_uninformed
Post a Comment
Read more

How to Host a Website for Free From Your PC or Laptop.

By Editor
Why pay for a web hosting service when your old computer can do the same thing? Learn how to self-host your site. If you're planning to launch a website but don't want to pay recurring monthly or annual hosting fees, you can use any old laptop or desktop PC to host a website for free. It's a great way to utilize your old system instead of throwing it away. In this guide, we will install and set up services on our 10-year-old laptop to host a WordPress, Joomla, or custom HTML or PHP-based website with a free SSL certificate. MAKEUSEOF VIDEO OF THE DAY Things You Will Need to Host a Website Following are the pre-requisites to host a website for free from home with just your computer: An old laptop or PC running Ubuntu Server. A registered domain name for your website Ethernet cable to connect the laptop or PC to router for reliable and fast connection Step 1: Update and Upgrade the Packages After  installing Ubuntu Server on your computer , execute the following c
Post a Comment
Read more

WHERE IS MINISTER OF SEX SIMON LOKODO?. (He deserves a battle of soda from me! Ministe`r esalanga mabee. He is quick to run after Mrs Dr Stella Nyanzi and other Opposition elements. Government aza aza edo zuu vaa kpere bua). Anyway, below is the article! POLICE OFFICER AKOL ESTHER CHARGED OF BEING A PUBLIC NUISANCE Naughty Officer Officer who embarrassed police after leaking nude photo charged 13.03.2018 She serves in the 'Very Important Persons Protection Unit'  Akol Esther  (Courtesy) A female police officer whose nude photo surfaced on social media has been charged of being a public nuisance. Akol Esther serves in the Very Important Persons Protection Unit (VIPPU) of the police force. Kampala Metropolitan Police spokesperson Luke Owoyesigire says Akol Esther might be demoted or expelled from the police force if found guilty of circulating nude photos. Police court is yet to announce date when Akol Esther is expected to appear for a hearing. This comes at a time when Pornography Control Committee is taking tough measures against persons circulating pornography content. The committee warned and promised to arrest persons who will circulate pornographic content.

By Editor
POLICE OFFICER AKOL ESTHER CHARGED OF BEING A PUBLIC NUISANCE Naughty Officer Officer who embarrassed police after leaking nude photo charged 13.03.2018 She serves in the 'Very Important Persons Protection Unit' Akol Esther  (Courtesy) A female police officer whose nude photo surfaced on social media has been charged of being a public nuisance. Akol Esther serves in the Very Important Persons Protection Unit (VIPPU) of the police force. Kampala Metropolitan Police spokesperson Luke Owoyesigire says  Akol Esther might be demoted or expelled from the police force if found guilty of circulating nude photos . Police court is yet to announce date when Akol Esther is expected to appear for a hearing. This comes at a time when Pornography Control Committee is taking tough measures against persons circulating pornography content. The committee warned and promised to arrest persons who will circulate pornographic content.
Post a Comment
Read more