Cybercriminals exploiting eSIM tech to hijack data, access bank accounts, warn researchers

In a stark warning, F.A.C.C.T., a leading Russian cybersecurity firm, has raised alarm about the sinister use of eSIM technology by criminals to pilfer phone numbers, enabling access to sensitive bank accounts. The revelation, reported by Bleeping Computers, sheds light on a disturbing trend where eSIM, initially designed for convenience, are now being exploited as tools for nefarious activities.

What is eSIM Technology?

eSIM, or electronic SIM card, represents a digital evolution of physical SIM, residing within mobile device chips and offering identical functionality with the added benefit of remote reprogramming capabilities. Users can seamlessly integrate an eSIM into their devices by scanning a provided QR code from their service provider. Widely embraced by smartphone manufacturers, this innovation eliminates the need for traditional SIM card slots and facilitates cellular connectivity even in compact wearables.

Also read: Google Gemini could expose sensitive information; researcher warns about the abuse of chatbot

The Adapting Tactics of Cybercriminals

However, cybercriminals have proven adept at exploiting the vulnerabilities inherent in eSIM technology. Since the autumn of 2023, analysts at F.A.C.C.T.'s Fraud Protection division have observed a surge in attempts to breach personal accounts within a prominent financial institution. These attackers, employing a technique known as SIM swapping, infiltrate users' mobile accounts using various means, including stolen or brute-forced credentials. Subsequently, they initiate the porting of victims' numbers to their own devices by generating QR codes through compromised accounts. This malicious manoeuvre effectively wrests control of the victim's phone number while deactivating their legitimate eSIM or physical SIM card.

Access to Sensitive Data

Once in possession of a victim's mobile phone number, criminals gain unfettered access to a treasure trove of sensitive information according to the report. This includes obtaining access codes and circumventing two-factor authentication measures across a spectrum of services, ranging from banking platforms to messaging applications. With the stolen phone numbers, cybercriminals can even manipulate SIM-linked accounts in messenger apps, assuming the victim's identity to perpetrate fraudulent activities, such as soliciting illicit monetary transfers.

Also read: Nvidia CEO Jensen Huang Faces Sky-High Investor Expectations at Upcoming AI Conference

How to Protect Yourself Against eSIM Scams

As this insidious threat looms large, cybersecurity experts advocate for stringent measures to safeguard against eSIM scams:

1. Employ robust, unique passwords for each application and update them regularly.

2. Enable two-factor authentication across all critical accounts, such as email, banking apps, and social media, and refrain from sharing these codes with anyone.

3. Remain vigilant for SMS messages related to SIM blocking or transfer requests and verify their authenticity.

Additionally, adhere to fundamental security practices, such as refraining from divulging personal information to unknown entities, to mitigate the risk of falling victim to eSIM-related scams.