From the inside out – SIM Swapping
Published: July 1, 2024
SIM Swapping, a common yet underestimated trick
After growing in popularity in the early 2010’s, SIM Swapping is back again, following the hacking of the Twitter CEO’s account Jack Dorsey, in 2019.
A real threat
In the most common cases of SIM Swapping, a hacker contacts your operator’s customer service to impersonate you. By blaming it on a malfunction or the stealing of your SIM card, the hacker then asks to activate your number on a new SIM card, which he owns. To convince customer service behind the phone, he uses personal information (date of birth, address, customer number, etc…), which he may have found on the Internet or by other means. Once the operation is successful, the hacker can then receive calls and SMS texts for you.
SIM Swapping is one of the computer security breaches regularly cited these days. It allows the victim’s phone number to be obtained, often used in dual authentication, the most widespread account security standard and application. And thus access to all kinds of information.
Once the new card is received, the attacker can simply insert it into his phone and activate it. This has the effect of deactivating the old card. Thus, it offers attackers the possibility of using the new SIM card to reset access to certain accounts or bypass multi-factor authentication (if it is done through SMS for example).
Consumers, the ultimate victims of this scam
There are numerous different use-cases, taking control of online accounts, social networks or e-mails, via password reset for example. Or use this new identity to empty a bank account via online transfers.
In SIM Swapping, it is therefore the consumers who are the ultimate victims of this scam. Yet, considered as the weakest link in the chain, it is the call centers of mobile operators that are targeted to reach the consumer.
Agence France-Presse (AFP) points out that thousands of attacks of this type have been recorded in countries where mobile phone payments are commonplace, such as Brazil, Mozambique, India and Spain.
Orange took the lead to improve the security of its services
Mobile operators are unanimous about the threat to the consumer, and Orange has taken the lead against SIM Swapping. With a strong innovation-driven DNA, we were involved in the process-making of the technology. eSIM stands for Embedded Sim, the Sim card is placed directly in the phone. A major innovation in phone security, supported by SFR and Bouygues, towards that path.
Orange includes the innovation in both B2B and B2C services :
- Our Wholesale department offers eSIM-related APIs services for B2B phone fleet to Mobile Virtual Network Operator (MVNO) or large companies.
- Regarding consumers, in addition to eSIM, Orange developed Mobile ID.
Mobile ID is a solution that allows you to simplify the digital uses while limiting identity fraud towards your consumers. More specifically in this offer, they created SIM Verify: a service that prevents identity theft by analyzing the validity of the SIM card.
You can find additional information here on the services here :
- Learn about SIM Verify
- Learn about eSIM
Explore the links below:
SIM Swapping : les manœuvres des opérateurs français pour limiter les risques – ZD Net
Hackers Are Breaking Directly Into Telecom Companies to Take Over Customer Phone Numbers – Vice
Qu’est-ce que le « SIM swapping », qui a permis de pirater le compte du patron de Twitter ? – Le Monde