How We Can Use The eSIM Technology Safely

eSIM technology has given mobile phone users both convenience and flexibility, especially those who travel and want mobile phone service wherever they are.

There is, however, one problem with the use of eSIMs that, if not addressed, leaves a vulnerability that cybercriminals take advantage of. The problem is not with eSIMs directly but with how someone can ask their mobile phone provider to remotely swap their mobile phone number from one eSIM to another.

Cybercriminals found out that most mobile phone providers verified their customers by asking questions, the answers to which they could get using social engineering. This makes it possible for them to impersonate a provider's customer and request that the number be swapped to their own eSIM, which gives them access to the customer’s number. This is known as SIM swapping.

In 2024, the actress Sydney Sweeney had that misfortune when she lost her number to cybercriminals, who were then able to reset the password of her X social media account because SMS-based two-factor authentication (2FA) was used. They then impersonated her to trick her followers with a cryptocurrency scam (New York Post).

Advantages of Using eSIMs

eSIMs are the digital replacement for the physical SIM card and allow mobile phone users to easily enable or disable their phone plan. For example, whenever you travel to another country you can easily enable a phone plan there, without the need to change a physical SIM card. As mentioned earlier, this convenience presents potential security risks, especially when a mobile service provider uses account verification processes that are vulnerable to impersonation.

Let's Take a Closer Look at How SIM Swapping Is Achieved

  1. Social Engineering: The cybercriminal first gets as much information as they can about their victim by using social engineering techniques. They then use that information to help with their impersonation attempt.
  2. SIM Swapping: Because most mobile service providers use questions whose answers can be found using social engineering, cybercriminals are able to easily impersonate their customers and convince the customer service agent to do the SIM swap.
  3. Being Able to Use the Number: Once the SIM swap happens, the real owner of the number will notice that they are without signal and may conclude there is a problem with their phone or a temporary network downtime.
  4. Controlling the Account: Because all calls and SMS messages now go to the cybercriminal’s phone, they can reset passwords for accounts that use SMS-based 2FA.

The Vulnerability of SMS-Based 2FA

SMS-based 2FA is a common security measure that sends a verification code to a user's phone number. However, it is highly vulnerable to SIM-swapping attacks, where attackers gain control of a victim's number and intercept 2FA codes. This weakness allows them to bypass account security measures, making SMS-based 2FA less secure than app-based or hardware-based 2FA.

Steps you can take to prevent SIM swapping

  • Improving Your Account’s Security: Use a password manager to help create secure passwords for your online accounts, use only app-based or hardware-based 2FA methods, and never use SMS-based 2FA.
  • Added Security from Your Mobile Service Provider: Contact your mobile service provider and ask if you can add a unique PIN to your account to require verification for any change. This would prevent a cybercriminal’s impersonation attempt with the customer service agent from being successful.
  • Monitor Account Activity: If possible, regularly review the account-related activity logs in your mobile service provider’s member portal, or set up alerts for suspicious activities.
  • Become Aware of Phishing Attacks: Be aware of what social engineering is and of attempts to request personal information, and always verify the authenticity of such requests through official channels, like directly calling your bank or mobile provider.

Conclusion

Let’s look at the lessons we can learn from the SIM swap that affected Sydney Sweeney. Change all SMS-based 2FA methods to app-based or hardware-based 2FA methods and, wherever possible, enable additional security features that your mobile service provider offers, for example a PIN on your account that is required to authorize any change to it.

With the growing use and popularity of eSIMs, we must balance their convenience and flexibility with an awareness of the cyber risks that may arise.

To remain safe at a time when many systems are becoming digital, ensure that more than one security verification is enabled and that you understand how to use them correctly. For example, instead of only needing a password to access your account, also require another form of authentication, such as app-based or hardware-based 2FA. Also learn about the different social engineering techniques used to collect personal information about you for impersonation attempts, so that you do not fall prey to them.

As the use of eSIMs increases, stay aware of current news related to cybersecurity risks. The future of secure communication depends on you being proactive, so that you remain informed and safe.
