We’ve all been instructed to be alert for potential malware contaminating our devices. Infections often find their way to our computers, phones, and tablets after clicking a dangerous link, downloading an attachment from an unknown email, or even downloading a malicious app from the Google Play Store.
Generally, these attacks target your devices, but is it possible for hackers to also work their way into your phone’s SIM card?
Unfortunately, the answer is yes, as evidenced by this sad story shared with us by the reader, Carol B.:
“My brother had a hacker that got a SIMS card from his Mobile phone service. He then hacked into all of his email accounts and changed the passwords. He proceeded to kill my brother and his wife’s SIMS cards on their phones, so that they wouldn’t get notifications from their credit card companies, banks etc. The hacker was able to hack into one of his banking accounts and had $1000 transferred using Zelle to an account. What can we do to protect something like this happening again?”
Why would a hacker want to hack into your SIM card?
To put it in plain terms, your SIM card carries all the information which allows you to connect with your larger network through calls, texts, and emails.
As it stores your mobile subscriber number, which helps authenticate and identify you on mobile devices. As a result, if someone is successful in hacking into your SIM card, it gives them the power to:
- Access Two-Factor identification codes, potentially allowing them into your banking accounts, and other high-profile accounts
- Receive text messages from your contacts
- Use your identity to text and call others for fraudulent schemes
Most hackers hope to access your SIM card to pull off any of these three fraudulent practices:
1. SIM swapping
Once accessing your SIM card, hackers will use your information to try and trick your service provider into switching your phone number to a new SIM card and phone number, resulting in the owner’s number and information being erased. To do this, the original phone will need to be restarted to complete the transfer. This often requires the hackers to contact the original phone owner, posing as the service provider, to restart their phones.
2. SIM Cloning
In this instance, after accessing your SIM card, the hacker will clone all the information found on it copying the stolen data onto a new SIM card that they control. Once they succeed at this con, it allows the criminal to access all the original owner’s texts, calls, and location data, which the hacker can view on their device.
3. Simjacker spyware attack
Simjacker is spyware software, often sent to users via an SMS message, which if opened will allow the hackers to read your messages, listen in on your calls, and track your location. This is achieved mainly through software called S@T Browser, a basic web browser of sorts, primarily used by service providers to interact with web applications. While S@T Browser is installed on many devices that leave people vulnerable to Simjacker, it is also rarely used, and these attacks are most common in the Middle East, North Africa, and Eastern Europe
What are the chances of my SIM card being hacked?
While we have now established that your SIM card can be hacked, and very dangerous should it potentially happen, it’s far less common than hackers accessing your devices. This is primarily because it’s much less easy for criminal hackers to access your SIM card and go unnoticed. For that matter, hackers can do many things they could do by hijacking your SIM card, such as using your identity to make calls and texts.
It’s also worth noting, back in late 2022, Apple no longer uses physical SIM cards in any of their newly launched products. Instead, they are deploying electronic SIM cards known as an eSIM. While, thankfully, eSIM cards are somewhat less vulnerable to hackers when it comes to the threat of SIM swapping. Crooks and scammers can no longer claim their SIM card is lost. But like all technology, it is still sadly possible to hack an eSIM card. And with that in mind, it’s important to be on the lookout for any tell-tale signs that your SIM card may have been hacked – period.
How will I know If My SIM card has been hacked?
As mentioned above, there is some cold comfort that can be taken in the fact that it is extremely easy to determine whether or not your SIM card has been hacked.
You aren’t receiving calls or texts
Phone numbers can only be associated with one SIM card, so if you are the victim of SIM cloning or swapping, you won’t receive any new calls or texts. Have a friend call or text you, and if the call or text comes through, then there is no possibility that your SIM card has been successfully cloned or swapped.
Outgoing calls or texts to unknown numbers
When checking your phone bill and you see several calls or texts made to numbers you don’t recognize, that leaves open a very real possibility that your SIM card has been hacked. Immediately contact your service provider to get more information regarding these calls.
Messages telling you to restart your device
If you get a random text message telling you to restart your device, seeming to be from your service provider, it is more than likely a scam artist. They will not be able to complete cloning or swapping your SIM card unless you restart your device. Service providers will never contact you instructing you to restart your device, so if you do get such a message, best to call them immediately.
Your device shows up in a strange location
One of the most guaranteed ways of determining if your SIM card has been compromised is if your phone shows up in a location different from yours while using a tracking app such as “Find My”. However, many hackers will attempt to disable this service as a means of avoiding detection.
Inability to access accounts
Many apps and websites, particularly those for banks or others containing vulnerable information, tend to use two-factor verification. This is a way of circumventing hackers who may have accessed your login information, by sending you a text or email with a verification code. If your SIM card is hacked, then they will be able to receive that code, giving them the ability to log in and change your username and password.
How can I protect my SIM card from being hacked?
The chances of your SIM card being hijacked are relatively low. There are, nonetheless, steps you can take to make avoid this happening to you.
- Set all your social media accounts to “Private” or “Friends Only”– Hackers will often make the first steps in accessing your information by searching for your public, online presence
- Delete any apps or online accounts you no longer use– further limits your possibility of being hacked
- Don’t open attachments or click links from unknown emails– chances are they are phishing scams, hoping to access your personal information
- Consider alternative Methods of two-factor identification- rather than be reliant on a text or email, consider a service like the Google Authentication app, which is tied to your device and will prevent hackers from getting a text or email
- Never use the same password for multiple accounts
- Never choose security questions where the answer is publicly available, such as “mother’s maiden name”.
SIM card lock
The biggest security precaution you can place on your SIM card is enabling a SIM card lock, requiring a PIN code for anyone trying to access your SIM card.
To enable a SIM card lock on an Android
- Go to Settings
- Tap Lock Screen and Security
- Tap Other Security Settings
- Tap Set Up Sim Card Lock
- Turn on the Lock SIM Card
To enable a SIM card Lock on an iPhone
- Go to Settings
- Tap Cellular
- Tap SIM Pin
- Enter your existing Pin, and the SIM lock will be activated
Important note: Always be sure that you know your current PIN before activating the lock.
Lock up your tech
My biggest desire is to educate and inform you about the increased real threat to each of our connected devices and encourage you to use strong antivirus security protection on everything in your life connected to the rest of the world. The best way to protect yourself is to install antivirus software on all your devices.
Special for CyberGuy Readers: My #1 pick is TotalAV, and you can get a limited-time deal for CyberGuy readers: $19 your first year (80% off) for the TotalAV Antivirus Pro package.
Find my review of Best Antivirus Protection here.
Related:
- How to backup and restore your mobile device the right way
- Best Antivirus Protection
- How to securely get rid of your old cell phone
- iPhone can be hacked while powered off: researchers uncover
- How hackers can craft an attack on your social media profile
- How to tell if your phone has been hacked