Hardware and software innovation has given us some exceptional new user experiences. There are far too many to mention, but the ability to use a credit card directly from your phone, access any and all information with the tap of a screen, and practically unlimited communication are instrumental examples of how fast technology is evolving.
While we are gaining access to new technology, equally, our risk for data breaches and unauthorized access to our devices is increasing as well.
This is a cat and mouse game where our laws are constantly at odds with hackers and other identify theft professionals. Computer protection has been a top priority to protect against malware, records protection, credit card numbers, and other forms of confidential information being compromised.
Far too many pieces of sensitive information go directly through our mobile devices, a breach and data leak can come directly through our phone number and it's something we should become aware of.
Today I want to focus on how SIM cards could be used and compromised through various forms of security breaches and specifically how to avoid an attack by using an eSIM.
This is not to say that an eSIM makes you invulnerable from a cyber breach or attack, but as an eSIM user, here are a few types of attacks you should watch out for and learn to avoid.
What is SIM-Jacking?
SIM-jacking is a type of breach that gives a hacker unauthorized access to your SIM through a text message. Messages usually include fake information directing you to a link. Tapping on that link compromises your phone and allows anyone to gain access to personal data, your location, personal details as well as calls and messaging through your SIM.
The link that you click opens a browser that gives your SIM instructions to share access and information back to the hacker. The moment your phone or device has access to a network, the theft has already occurred.
This is a SIM exploit of your operating system that rewrites instructions for your SIM. Currently, SIM-jacking is possible on all types of devices - including Apple or Android.
The best method to protect yourself against identity thieves is to never open a link from a source you do not know, can verify, or trust. It is far better to be safe than sorry since a SIM-jacking breach is something you will never detect.
Primarily, be wary of anyone claiming to represent:
- financial services
- credit fraud
- license numbers or license plate verification
- health information
- government agents
If you see a text notification like this, just delete it.
Dangers of SIM swapping
SIM swapping is a pernicious form of theft requiring the hacker to misrepresent you and commit fraud on your behalf.
Typically, the hacker will first gather extensive information on you, like user records, financial history, security questions, your payment card, and your phone number.
From there, they will call your cellular provider and pretend to be you claiming your SIM card was either lost or stolen. They will then provide the carrier with the necessary financial information, bank account, and any other needed number to gain access. Once the hacker has successfully convinced the company that they are indeed you, the provider will issue a new SIM card to them for their "new phone".
Now the breacher has access to your data plan, personal messages, call history, and phone number (free of charge). They can now contact any of your contacts and act like you from any device they please.
Because it's a physical SIM as well, there is also the disadvantage that the SIM can be removed and added to another device whenever the breacher feels like it.
Identity theft is a serious crime, and difficult to stop once it has occurred. The best way for you to stop your personal information from being compromised is to be extra careful online and continuously keep adapting.
Be aware of the types of places you're inputting sensitive data, if the site has a million customers or more, if your network is secure, if you're running virus protection software, or if any of your credit card numbers or other financial information has been stolen before.
Make sure you're adapting too, by changing passwords periodically and writing important passwords down in a notebook instead of storing them digitally.
Related: The Digital Nomad in the eSIM Age
When does SIM Cloning Occur?
Similar to SIM swapping, SIM cloning is a more direct process where hackers take your SIM card, copy the information to a blank SIM, and pretend to be you. This form of unauthorized access is incredibly difficult to pull off, but certainly not impossible.
Those primarily compromised by these attacks may be individuals who have access to trade secrets or sensitive information, like company executives or government officials.
If you're carrying a SIM card around, be aware of where you're leaving it. Is it on you at all times? Is it in a bag in your hotel room? Do you keep your phone on you at all times?
The largest concern about any of these breaches is you won't know the data breach has occurred.
Extra security steps you'll need to take with a SIM
Your device can be easily compromised if your data is sensitive to an attack. Make sure you're not using the same password, and be conscious of where you're storing passwords.
Hackers are constantly looking for the tiniest vulnerabilities to find access to your records or to your network. Your SIM card is one of those channels.
When you carry a SIM card around you need to treat the SIM like a physical credit card. Primarily, be aware of who you're buying your card from and where you're storing the SIM when traveling.
Make sure the SIM vendor is reputable. If you happen to buy a cloned card, you won't know until the data breach has occurred and there's been a security incident with your information. If you are buying a physical SIM when you land, take some time to research a reputable vendor or ask your cellular provider to issue you a travel SIM to protect you from attacks.
Once you have a SIM card you can trust, be sure to safely store the SIM card/cards while traveling. This is especially true if you have multiple chips for different locations, and many of your cards are not in your phone at any given time. Find ways to minimize the amount of SIMs you're carrying as it only takes one compromised card for a breach to occur.
How an eSIM can help you avoid all that
Airalo's eSIMs have a certain advantage that can help mitigate and protect your device from many forms of SIM fraud. eSIM stands for "embedded" SIM, which means instead of having to buy a SIM to swap and insert into a tray, you directly download an eSIM to your phone.
To be clear, having an eSIM does not mean you're invulnerable to a data breach, but it does protect you from threats unique to SIM cards. Using an eSIM gives you the freedom to keep your SIM purchases internal to the device and not have to worry about installing a compromised or cloned SIM card.
An eSIM helps you by:
- Allowing you to purchase a data plan before landing in your destination
- Avoiding questionable or vulnerable third party vendors
- Avoiding storage and security when traveling concerns with SIMs
Importantly, with a SIM or eSIM, it is important to be vigilant to potential data breaches. Take extra steps to be sure your information is secure and not left in a sensitive position.