SIM Jacking: How One SMS Turns Your Phone into a Hacker's Toy

Photo by Tima Miroshnichenko

SIM Jacking: How One SMS Turns Your Phone into a Hacker's Toy

Cyber Security Dec 13, 2022

What is SIM jacking?

SIM Jacking is an attack in which an attacker uses the target's SIM card to take over their smartphone account and access personal information such as text messages, contacts, and financial data. Cybercriminals can also exploit the user's phone number to make calls and send text messages on their behalf.

Also, if the victim's phone number is tied to a bank account, hackers can bypass multi-factor authentication (MFA) and reset the password to gain access to the victim's financial accounts. They may also use your phone number to register new accounts in your name, such as an email or social media account.

How does SIM jacking work?

SIM hacking usually starts with a phishing attack. Attackers send you a text message or email that looks like it was sent by your mobile operator. The message might say that suspicious activity was detected on your account or that you need to update your information about yourself.

If you click on the link in the message, you will be taken to a fake website that looks like your carrier's site. The website will ask you for personal information, including your name, address and date of birth. It will also ask for your mobile phone number and account PIN.

Once an attacker has your information, they can contact your carrier and order a new SIM card. After getting a new SIM card, they can take over your account and access your personal information.

Connecting a SIM card using SIM-Jacker software ( Simjacker )

SIM-Jacker (Simjacker) is a type of spyware that can be installed on a victim's phone without their knowledge and then used to send commands to the SIM card to take over the phone.

When a SIM-Jacker attacks a phone, spyware is sent via SMS. Essentially, the SMS message contains a set of instructions to tell the Universal Integrated Circuit Card (UICC) to take control of the phone to retrieve and execute sensitive commands.

As a result, the attacker gains access to the device, its location, and Cell-ID. The danger of this attack is that you won't even know that your device has been compromised, as you won't receive any warnings about the attack.

How to protect yourself from SIM jacking

There are several ways to protect yourself from SIM hacking:

  • Not all information is meant to be posted on the Internet . Do not post sensitive information about yourself online;
  • Do not share your confidential information with strangers;
  • Don't click on links in messages or emails unless you're sure the source is reliable;
  • Do not use SMS for multi-factor authentication . Instead, you can use dedicated apps like Google Authenticator or Authy;
  • Monitor any suspicious activity on your phone (e.g. messages, calls, unexpected payments, registration of new accounts) that you did not commit and report it to your carrier immediately;
  • Update your operating system and applications regularly . Security updates often contain fixes for newly discovered vulnerabilities;
  • Install antivirus software on your phone . It will protect your device from malware and spyware such as SIM-Jacker.

What to do if your SIM card has been hacked

If you think you have been the victim of a SIM hack, there are a few things you need to do:

  • Contact your carrier . It can deactivate your SIM card and activate a new one;
  • Change your passwords . Once you get a new SIM card, change the passwords for all your accounts - email, social media, online banking, and any other accounts that use two-factor authentication.
  • Warn your friends and relatives . Once your SIM card is compromised, attackers can contact your family and friends on your behalf to ask them for money or distribute malware to them. So if you think your SIM has been compromised, let your contacts know so they don't become the next victims.
  • Sign in to your WhatsApp profile with a new SIM card . Cybercriminals can take over your WhatsApp account after hacking your SIM card. Be sure to re-authenticate WhatsApp after getting a new SIM card to prevent hackers from gaining access to your profile.

Is SIM jacking really dangerous?

SIM hacking is a big threat, but not as common as other types of identity theft. This is because SIM jacking requires a high level of technical expertise and is difficult to pull off. However, the consequences of SIM hacking can be devastating.


Anurag Deep

Logical by Mind, Creative by Heart