SIM swappers hijacking phone numbers in eSIM attacks: Protect your cellular service ...

npub1g2j…yjj6

2024-03-14 20:15:19

SIM swappers hijacking phone numbers in eSIM attacks: Protect your cellular service account

Previously, SIM swappers relied on social engineering or worked with insiders at mobile carrier services to help them port a target's number. However, as companies implemented more protections to thwart these takeovers, cybercriminals turned their attention to emerging opportunities in new technologies.

Now, attackers breach a user's mobile account with stolen, brute-forced, or leaked credentials and initiate porting the victim's number to another device on their own.

They can do this by generating a QR code through the hijacked mobile account that can be used to activate a new eSIM. They then scan it with their device, essentially hijacking the number.

To defend against eSIM-swapping attacks, researchers recommend using complex and unique passwords for the cellular service provider account and enabling two-factor authentication if available.

But it also does show that banks should not be relying solely on SMS or authentication by SIM.

See https://www.bleepingcomputer.com/news/security/sim-swappers-hijacking-phone-numbers-in-esim-attacks/

#technology #esim #vulnerabilities

Author Public Key

npub1g2jpj7x9rjcqd9dp3hnvja2tjr3q3hf362z3ulrfzpyfnsdw5qlqyayjj6

Show more details

Published at

2024-03-14 20:15:19

Kind type

1 Short Text Note

Event JSON

{ "id": "a823ed73b796a22f97d1ab0fc4096119a5a13940193cbc5c01aa15ca3bdfe500", "pubkey": "42a41978c51cb00695a18de6c9754b90e208dd31d2851e7c69104899c1aea03e", "created_at": 1710447319, "kind": 1, "tags": [ [ "t", "technology" ], [ "t", "esim" ], [ "t", "vulnerabilities" ], [ "imeta", "url https://image.nostr.build/3a8834edf17c989fea1d0307a4d94790dd05c962d344af0ff7db581c53d1fb98.jpg", "ox 3a8834edf17c989fea1d0307a4d94790dd05c962d344af0ff7db581c53d1fb98 https://nostr.build", "x f412224a3993ce048b0d3e30fcf76c51ac4f3a5f151ecadf86cebfae7a2cc40e", "m image/jpeg", "dim 1600x802", "bh L57x5c_NRjWX.8tRt6oe%gt7oft7", "blurhash L57x5c_NRjWX.8tRt6oe%gt7oft7" ] ], "content": "SIM swappers hijacking phone numbers in eSIM attacks: Protect your cellular service account\n\nhttps://image.nostr.build/3a8834edf17c989fea1d0307a4d94790dd05c962d344af0ff7db581c53d1fb98.jpg\n\nPreviously, SIM swappers relied on social engineering or worked with insiders at mobile carrier services to help them port a target's number. However, as companies implemented more protections to thwart these takeovers, cybercriminals turned their attention to emerging opportunities in new technologies.\n\nNow, attackers breach a user's mobile account with stolen, brute-forced, or leaked credentials and initiate porting the victim's number to another device on their own.\n\nThey can do this by generating a QR code through the hijacked mobile account that can be used to activate a new eSIM. They then scan it with their device, essentially hijacking the number.\n\nTo defend against eSIM-swapping attacks, researchers recommend using complex and unique passwords for the cellular service provider account and enabling two-factor authentication if available.\n\nBut it also does show that banks should not be relying solely on SMS or authentication by SIM.\n\nSee https://www.bleepingcomputer.com/news/security/sim-swappers-hijacking-phone-numbers-in-esim-attacks/\n\n#technology #esim #vulnerabilities", "sig": "7950dbae17b467dabd332fef3c7b99d305086be6a6ba85f88e5eaf2d2894cf437c74093102627b92bd92052c0bd8cf572148e1ac00cce4ad4a393dcfedc6e9a0" }