Rising threat: Cybercriminals exploiting eSIM vulnerabilities to commit SIM card fraud

SIM card fraud is a pervasive issue and a growing concern in cybersecurity. Hackers, leveraging advancements in technology, are adopting new methods, with recent reports highlighting a shift towards exploiting eSIM profiles to perpetrate frauds.

Unlike traditional SIM cards, eSIMs are digital counterparts that can be programmed remotely, granting hackers the ability to seize control of users' primary numbers for illicit purposes.

Sensitive data

The inherent value of mobile numbers as gateways to sensitive data makes them lucrative targets for hackers.

Exploiting vulnerabilities in eSIM activation processes, cybercriminals can remotely programme eSIMs using readily available information about the owner, bypassing traditional authentication measures employed by telecommunications companies.

A notable Russian cybersecurity firm, FACCT, has drawn attention to the security vulnerabilities associated with eSIMs.

QR codes

The ease of activating eSIMs via QR codes presents a convenient avenue for malicious actors to exploit.

Once they gain access to a victim's phone number, hackers can proceed to execute various nefarious activities, including unauthorised access to bank accounts and extraction of personal information from messaging apps.

While eSIM adoption has primarily been a secondary option for many users, the introduction of eSIM-only iPhone models by Apple in select markets points out the need for heightened awareness and vigilance against such fraudulent practices.

Two-factor authentication

To reduce the risks posed by eSIM fraud, individuals are advised to implement additional security measures such as two-factor authentication and the use of authenticator apps for account protection.

Embedded Subscriber Identity Modules (eSIMs) function similarly to physical SIM cards but offer the added flexibility of remote reprogramming and provisioning.

FACCT’s fraud protection analysts have documented a huge increase in attempts to compromise clients' personal accounts across online services, particularly within the financial sector, since the fall of 2023.

Criminals exploit the capability to replace or restore digital SIM cards, transferring control of the victim’s phone number to their own device equipped with an eSIM.

Earlier tactics

Previously, SIM swappers relied on social engineering tactics or collaborated with insiders at mobile carrier services to facilitate number porting.

However, as security measures improved, cybercriminals shifted their focus to exploiting vulnerabilities in emerging technologies.

Attacker’s normally breach users’ mobile accounts using stolen or brute-forced credentials, initiating the porting process independently.

Now, by generating QR codes through compromised accounts, hackers can activate new eSIMs on their devices, effectively hijacking the victim's number while deactivating their legitimate eSIM or SIM card.

The evolving tactics employed by cybercriminals underscore the importance of proactive measures to safeguard against eSIM fraud.

Heightened awareness, coupled with robust security practices, is essential in minimising the risks posed by these sophisticated schemes in an increasingly digitised world.