Expert Explains How To Prevent Cell Phone SIM Card Swapping

Have you heard of SIM cloning or SIM swapping? We're talking about the SIM card inside your cell phone and how attackers can take advantage of it. Jonathan Kimmitt with Alias Cyber Security explained more.

What are SIM cards and what do they do?

Your SIM card is your unique identifier for your phone. It's tied to the cellular company that you contract with. You have some that are physical cards, and some have an e-SIM that's an embedded card.

SIM card stands for "subject identity module." The cell company uses that to recognize who the phone belongs to. Phones have to have SIM cards to work.

What is SIM jacking, SIM cloning, SIM swapping?

SIM Swapping, sometimes also known as SIM jacking, and SIM cloning, is a technique where a malicious actor uses a variety of techniques to take ‘ownership’ of a phone number by getting a cellular company to ‘swap’ the SIM that is associated with a user, with a new one that is associated with the attacker.

In simple terms, it allows the attacker to take over a phone number by moving the phone number to a new device.

SIM swapping is very common and occurs legitimately as people get new phones, replacements, or change service.

Because it is a common process, the attacker uses social engineering techniques to trick, bribe, or extort a cellular company employee to move a victim’s phone number to a new phone.

At that point the attacker can use the number to access accounts that use text (SMS) messaging or phone calling to reset passwords, multifactor bypass, etc.

How do we prevent SIM attacks?

It's hard to prevent SIM swapping. However, you can protect other accounts outside of your phone. You can make sure that you're not using text messaging as a multi-factor authenticator. You can make sure to not give out your phone number easily, and question who you're giving your number to. It's also important to not store passwords on your phone.