SIM Jacking: how one SMS message turns your phone into a hacker’s toy

SIM Jacking is a relatively new form of cybercrime in which an attacker gains access to your phone number and then uses your SIM card to make calls, send messages and collect information about you. This can lead to data leakage and large financial losses.

What is SIM-jacking?

SIM Jacking is an attack in which an attacker uses the target’s SIM card to take over her smartphone account and gain access to personal information, including text messages, contacts and financial data. Cybercriminals can also use a user’s number to make calls and send text messages on their behalf.

In addition, if the victim’s phone number is linked to a bank account, hackers can bypass multi-factor authentication (MFA) and reset the password to gain access to the victim’s financial accounts. They can also use your phone number to register new accounts in your name – for example, an email or a social media account.

How does SIM-jacking work?

Hacking a SIM card usually begins with a phishing attack. Attackers send you a text message or an email that looks like it was sent by your mobile operator. The message may say that suspicious activity has been detected in your account or that you need to update your information.

If you click on the link in the message, you will be taken to a fake website that looks like your operator’s website. The website will ask you for personal information, including your name, address and date of birth. It will also ask for your mobile phone number and account PIN.

As soon as the attacker receives your information, he can contact your telecom operator and order a new SIM card. After receiving a new SIM card, they can take over your account and gain access to your personal information.

Connecting a SIM card using SIM-Jacker software (Simjacker)

SIM-Jacker (Simjacker)— this is a type of spyware that can be installed on the victim’s phone without her knowledge, and then used to send commands to the SIM card to take possession of the phone.

When a SIM-Jacker is attacked, spyware is sent to the phone via SMS. Essentially, an SMS message contains a set of instructions to instruct a universal integrated circuit board (UICC) to take control of the phone to retrieve and execute confidential commands.

As a result, the attacker gains access to the device, to its location and to the Cell-ID. The danger of this attack is that you won’t even know that your device has been compromised, as you won’t get any warnings about the attack.