Categories: Gadgets360

SIM Swappers Are Exploiting eSIM Vulnerabilities for Financial Frauds: Report

SIM swapping crimes are on the rise globally, according to a new report. These crimes primarily target users of eSIMs (Embedded Subscriber Identity Modules). eSIMs are digitally stored SIM cards that are embedded into a device using software. Hackers are now reportedly exploiting vulnerabilities within this technology to brute-force their way into the victim’s phone account and port the number to their own device. The findings also revealed that the bad actors are mainly interested in victims’ online banking accounts and other financial services.

The information comes from the Russian cybersecurity firm FACCT, a spin-off of Group IB. In its report, it highlighted that it has recorded “more than a hundred attempts to enter clients’ personal accounts in online services from just one financial organisation.” It also stated that cybercriminals have been using this method globally for at least a year.

The modus operandi of the cybercrime is straightforward. Earlier, criminals would deploy social engineering strategies or use insiders at telecom companies to illegally port numbers to their devices. However, the report states that hackers have now resorted to exploiting vulnerabilities within eSIM. While it did not explain the technicalities, the process involves obtaining a victim’s phone account credentials by stealing them, getting access to details leaked in data breach incidents, or brute-forcing their way into the victim’s account.

Once the SIM swappers have the credentials, they generate QR codes through the hijacked phone account, which can be used to port the number directly to their device, circumventing the usual procedure. The report also added that the criminals were focused only on committing financial fraud by accessing the victim’s online banking accounts, crypto wallets, and more.

“Having gained access to the victim’s mobile phone number, cybercriminals can obtain access codes, two-factor authentication for various services, including banks, instant messengers, which opens up a lot of opportunities for attackers to implement criminal schemes,” said Dmitry Dudkov, Fraud Protection Department Specialist at FACCT.

FACCT also urged eSIM users to improve the security of their phone account by using two-factor authentication and keeping a complex password which includes a randomised alphanumeric series and special characters. For added security, users can opt for authenticator apps.

