Two ways that hackers can hack your SIM card (and how to protect it)
https://newsstechh.blogspot.com/2019/10/two-ways-that-hackers-can-hack-your-sim.html
Two ways that hackers can hack your SIM card (and how to protect it)
You may know that your smartphone's operating system needs regular updates to protect against vulnerabilities. But your SIM card can also be a source of security vulnerabilities. I will show you two ways that hackers can penetrate your SIM card, and I will advise you on how to keep your SIM card safe.
3. Other security tips
As always, you should use strong passwords created individually. Do not reuse old passwords or use the same password on multiple accounts.
Also, make sure that your answers to password recovery questions are not publicly available, such as your mother's maiden name.
Finally, attacks on mobile devices have become more complex. Simjacker and SIM swap attacks attack each of the targeted SIM cards, but they do so in different ways. Simjacker is a technical attack that exploits security vulnerabilities in software used by phone operators. SIM swap attacks use social engineering to get a copy of your SIM card.
You may know that your smartphone's operating system needs regular updates to protect against vulnerabilities. But your SIM card can also be a source of security vulnerabilities. I will show you two ways that hackers can penetrate your SIM card, and I will advise you on how to keep your SIM card safe.
Simjacker
In September 2019, security researchers at AdaptiveMobile Security announced that they had discovered a new vulnerability they called Simjacker. This complex attack targets SIM cards. It does this by sending a piece of spyware-like code to a target device by using an SMS message.
If the target opens the message, hackers can use the code to scan them by spying on their calls and messages and even tracking their location.
The vulnerability is caused by the use of a program called S @ T Browser, which is part of the SIM application toolkit (STK) used by many phone operators on their SIM cards. SIMalliance Toolbox Browser is a way to access the Internet - essentially a basic web browser - that allows service providers to interact with web applications such as email.
However, now that most people use a browser like Chrome or Firefox on their devices, they rarely use the S @ T browser. The software is still installed on a large number of devices, making them vulnerable to Simjacker attack.
Researchers believe that this attack has been used in multiple countries over the past two years, specifically that the S @ T protocol is used by mobile operators in at least 30 countries with a cumulative population of over 1 billion people, mainly in the Middle East, Asia and North Africa and Eastern Europe.
They also believe that this exploitation was developed and used by a particular private company, working with different governments to monitor specific people. Currently, this attack targets between 100 and 150 people daily.
Because the attack works on SIM cards, all types of phones are vulnerable, including iPhones and Android devices, and even on embedded SIM cards (eSIMs).
2- SIM Card Swapping
Another SIM card security issue you may have heard about is switching the SIM card. Hackers used a different form of this technology to acquire Twitter's personal Twitter account of Jack Dorsey, CEO of Twitter in August 2019. The event raised awareness of how devastating these attacks might be. A relatively simple technique uses deception and human engineering rather than technical weaknesses.
In order to perform a SIM card switch, hackers first call your phone provider. They will pretend to be you and ask for a replacement SIM card. They will say that they want to upgrade to a new device and therefore need a new SIM card. If the hackers succeed, the phone provider will send them a SIM card, then they can steal your phone number and connect it to their own devices.
This hack has two effects. First, your real SIM card will be deactivated by your provider and will stop working. Second, the hacker now has control over phone calls, messages, and two-way authentication requests sent to your phone number. This means they can have enough information to access your bank accounts, email and more. They may be able to lock your other accounts.
It is difficult to protect the SIM card switch. This is because hackers can convince a customer support agent that you are. Once they have a SIM card, they can control your phone number. You may not even know that you are a target until it is too late.
How to keep your SIM card safe
If you want to protect your SIM card against such attacks, there are a few steps you can take.
1- Protection against social engineering attacks
To protect against SIM card swaps, hackers should find it difficult to find information about you. Hackers will use data they find about you online, such as friends and family names or your address. This information will make it easier to convince your customer support agent that you are.
Try locking this information by setting your Facebook profile to friends only and restricting public information you share on other sites. Also remember to delete old accounts that you no longer use to prevent them from being the target of the hack.
Another way to protect against SIM card swaps is to beware of phishing. Hackers may try to scam you for more information that they can use to copy your SIM card. Be on the lookout for suspicious emails or login pages. Be careful when entering the login details of any account you use.
Finally, consider your two-factor authentication methods. Some two-factor authentication services will send an SMS to your device with an authentication code. This means that if your SIM card is compromised, hackers can access your accounts even if you have two-factor authentication.
Instead, use another authentication method such as Google Authentication. This way, authentication is tied to your device, not your phone number, making it more secure against SIM card swaps.
2- Set SIM card lock
To protect against SIM attacks, you must also set up some protection on your SIM card. The most important security measure you can implement is to add a PIN code to your SIM card. This way, if anyone wants to make changes to your SIM card, it needs a PIN code.
Before you set up the SIM card lock, you must make sure you know the PIN provided by your network provider. To set it up, go to Android settings to Settings> Screen lock & security> Other security settings> Set up SIM card lock. Then you can enable the slider for SIM card lock.
On your iPhone, go to Settings> Cellular> SIM PIN. On your iPad, go to Settings> Mobile data> SIM PIN. Then enter the current PIN to confirm, and the SIM card lock will be activated.
As always, you should use strong passwords created individually. Do not reuse old passwords or use the same password on multiple accounts.
Also, make sure that your answers to password recovery questions are not publicly available, such as your mother's maiden name.
Finally, attacks on mobile devices have become more complex. Simjacker and SIM swap attacks attack each of the targeted SIM cards, but they do so in different ways. Simjacker is a technical attack that exploits security vulnerabilities in software used by phone operators. SIM swap attacks use social engineering to get a copy of your SIM card.
