For more than a decade, mobile phones have been a crucial part of our daily lives, and the little memory chip that makes your phone uniquely yours is the SIM card, which provides the user with a unique phone number.
Now the eSIM card is a new entry in this SIM world.
Unlike a traditional physical SIM card, an eSIM card is a virtual SIM that functions the same way as a physical SIM. The difference is that it is embedded in the hardware of the mobile phone itself and can’t be removed or replaced manually.
When SIM swapping hijacks became a thing, cybersecurity experts innovated with eSIM, touting it as a more secure way to make sure your phone stays yours.
However, with each technological advance, new methods emerge to try to beat the new security measures. Is history repeating itself with the eSIM?
What Is SIM Card Swapping?
SIM swapping is less a technological trick than a matter of social engineering. It often happens when a hacker contacts a person’s mobile carrier and tricks its helpdesk agents into transferring that person’s number to a new SIM card and activating it.
Once the attacker is in control of the number, all sorts of doorways into the person’s private life open up, especially where the number is used for two-factor authentication, putting anything from social media accounts to bank accounts at risk.
What Is An eSIM Card?
eSIM stands for embedded SIM, a digital form of a physical SIM card. eSIMs are remotely programmable and embedded into the hardware of some new smartphones, tablets or smartwatches.
eSIMs can be configured remotely with a simple script, so there’s no more using a little pin to swap SIMs each time you want to change your number or carrier.
How Are eSIMs Getting Hacked?
As ever, a lot of this comes down to user awareness. Spoofed texts that appear to come from a carrier can ask the phone owner to update their credentials or to reveal personal information, for instance the PIN to an online portal.
If you give away your details, a hijacker can port your number away from your phone. In one swoop, this can disconnect your phone from your network, give the bad actor access to your number on another phone, and give them access to your private information, for instance by using your text messages to get into 2FA-locked services.
Ways to Protect Yourself
As always, protecting your personal information is the first step.
Be suspicious of calls, emails, or messages that claim to be from your carrier.
Use PIN codes and other forms of protection to keep your phone your own.
If you receive messages about “changes of service” or find yourself locked out of apps, particularly banking or financial apps, start investigating immediately.
Limit the amount of personal information you give out online, and always ensure you are on legitimate websites or apps.