Can your eSIM be hacked?

One of the problems of the modern world is hacker attacks. In recent years, cyber attacks have been on the rise. According to a report by Cybersecurity Ventures, the global cost of cybercrime reaches $10.5 trillion a year by 2025, up from $3 trillion in 2015. Also in the last year, the number of records compromised by data breaches has reached a staggering 43 billion. Mobile devices have targeted by hackers over the past 3 years. Around 170,000 new mobile malware installer packages have discovered, indicating a large increase in hacker attacks. It is important to note that the threat landscape is constantly evolving, with new attack vectors and trends emerging over time. Do you think there is an eSIM hack?

Related: “Is eSIM Safe? Everything You Need to Know“

SIM card hacking — The Concept and Reasons

SIM hacking is illegal access or illegal handling of the subscriber identity module. Such hacks can occur in a variety of ways, including exploiting vulnerabilities in technology, social engineering techniques or attacks on the infrastructure that supports the SIM card system.

A personal data module for cellular communications can be hacked for a variety of reasons:

1. One of the main reasons SIM cards are hacking is for financial gain. Hackers can hack into cards to access personal information, financial accounts or payment systems associated with a phone number. This allows them to carry out fraudulent activities such as unauthorised transactions or theft of funds;
2. Can eSIM be hacked for the purpose of identity theft? Hackers, by controlling a victim’s physical or electronic SIM card (but in the case of Embedded SIM it is more complicated), can intercept calls and messages, access confidential information and impersonate the victim for malicious purposes;
3. Some hackers may target specific individuals or organisations for espionage and surveillance. Once a module is compromising, they can intercept communications, monitor activities and collect sensitive information;
4. Chip hacks can carry out using social engineering, where hackers trick mobile network operators or customer service representatives into transferring a victim’s phone number to a card they control;
5. Vulnerabilities in the SIM card itself can also cause hacks. Hackers look for weaknesses in software, encryption algorithms or communication protocols to gain unauthorised access;
6. Some hacks may be politically motivated. For example, hacktivist groups or individuals may attack mobile communications to disrupt operations or gain unauthorised access to sensitive information.

Comparison of physical SIM and eSIM in hacking examples

• Numerous examples of attacks on physical SIM cards have revealed that they have more security vulnerabilities than the electronic versions. Hackers can exploit these vulnerabilities to gain unauthorised access to the SIM card and extract sensitive information, including encryption keys and personal identification data;
• The physical version of the card can be easily stolen and cloned. Hackers can clone a SIM card by gaining access to its unique identification number (IMSI) and other relevant information. Once cloned, an attacker can use the copied SIM card, posing as the original user, to make calls, send messages or access services on behalf of the victim. Are eSIM cards safe? An e-SIM, on the other hand, cannot be physically stolen and is embedded in the phone, so is less accessible to cloning;
• In SIM hijacking attacks, hackers use social engineering to convince mobile network operators or customer service representatives to transfer a victim’s phone number to the SIM card the hacker controls. The hacker then takes control of the victim’s accounts, can intercept messages or calls and commit fraud. A physical SIM card is difficult to recover, requiring a lot of time and paperwork, in the case of an Embedded SIM, it is easy to change the number without documents and a personal visit to a mobile phone shop, plus the data is more secure.

Is it safe to use eSIM?

Why are electronic SIMs less vulnerable to hacking than physical SIMs? An e-SIMs are considered to have a higher level of security than their physical counterparts.

1. An embedded SIM has a special secure chip that securely stores and protects data. This chip is designing to be tamper-resistant and incorporates robust security measures that make it difficult for hackers to gain unauthorised access to an eSIM.
2. It is possible to provision and manage MFF2 remotely by mobile network operators. This eliminates the need for physical handling of SIM cards, reducing the risk of interception and cloning.
3. e-SIMs support advanced eSIM security methods, such as mutual authentication, which verifies the identity of the device and the network. This increases the security of communication between the device and the network, preventing unauthorised interception or data manipulation.
4. Because eSIMs are embedded directly into devices, they are not as easily accessed as physical SIM cards. This makes it more difficult for attackers to physically tamper with or remove personal data for malicious purposes.

Summary

It is important to note that SIM card hacks have serious consequences, such as identity theft, financial fraud and unauthorised access to sensitive information. Should I use eSIM or physical SIM? The choice is yours, but experience has shown that MFF2 technology: the M2M form factor is many times superior in terms of security and data integrity. To protect against physical cards or e-SIM hacking, we recommend to follow practices such as regularly updating devices and software, using strong passwords, being careful when transmitting personal information and contacting the mobile network operator if you suspect unauthorised handling of your personal data module.