Report Reveals SIM Swappers Exploiting eSIM Vulnerabilities for Financial Frauds
eSIM Vulnerabilities: How SIM Swappers Access Victims’ Accounts
The rise in SIM swapping crimes globally is concerning, particularly as hackers increasingly target eSIM users. eSIMs, which are digitally stored SIM cards embedded into devices using software, have become a prime target for cybercriminals. These criminals exploit vulnerabilities within eSIM technology to forcefully gain access to victims’ phone accounts and port their numbers to the attackers’ devices. Their primary objective? Gaining unauthorized access to victims’ online banking accounts and other financial services.
FACCT, a Russian cybersecurity firm affiliated with Group IB, recently shed light on the alarming trend. According to their report, they’ve detected over a hundred attempts to breach clients’ personal accounts in online services from just one financial organization. This tactic has been employed by cybercriminals globally for at least a year, underscoring the seriousness of the issue.
The cybercriminals’ modus operandi is becoming increasingly sophisticated. While previously, they relied on social engineering tactics or insiders at telecom companies to illicitly port numbers, they’ve now turned to exploiting eSIM vulnerabilities.
Though the report didn’t delve into the technical details, the process typically involves obtaining the victim’s phone account credentials through various means, including theft, access to leaked information from data breaches, or brute-force attacks.
SIM swapping crimes are on the rise globally, according to a new report. These crimes are primarily committed using eSIM (Embedded Subscriber Identity Modules) users. eSIMs are digitally stored SIM cards which are embedded into a device using a software. Hackers are now reportedly exploiting vulnerabilities within this technology to brute force into the victim’s phone account to port the number to their own device. The findings also revealed that the bad actors are mainly interested in victim’s online banking accounts and other financial services.
The information comes from the Russian cybersecurity firm FACCT, a spin-off of Group IB. In its report, it highlighted that it has recorded “more than a hundred attempts to enter clients’ personal accounts in online services from just one financial organisation.” It also stated that cybercriminals have been using this method globally for at least a year.
Modus operandi of the cybercrime is straightforward. Earlier, the criminals would deploy social engineering strategies or use insiders at telecom companies to illegally port numbers to their devices. However, the report states that now the hackers have resorted to exploiting the vulnerabilities within eSIM. While it did not explain the technicalities, the process includes accessing the phone account credentials of a victim by either stealing them, getting access to leaked details through data breach incidents, or brute-forcing their way into the victim’s account.
