A SIM CARD ATTACK is a wide-ranging descriptor for the compromising of integrated circuits in mobile telephony devices. The most common implementation involves a bad actor, with adept technical ability, reassigning a phone number to a SIM card in another device. This exposes the Customer Proprietary Network Information (CPNI) of the phone number’s owner.
CPNI is a collection of organized data associated with a given phone number. It is collected by most wireless carriers, and is the bounty for those who seek to obtain it fraudulently. CPNI data is often considered sensitive, or confidential, and includes the following:
Date and duration of incoming and outgoing phone calls
Destination phone numbers, or, those phone numbers a consumer makes outgoing calls to
Text messages via Short Message Service (SMS)
Various account information, including the consumer’s service plan, features, and network subscription type
The obvious goal of a hacker who carries out a SIM card attack is to seize a consumer’s CPNI data and steal their identity. But cascading failure may also ensue. Victims may find themselves unable to place or receive calls, and in some cases, the attacker may even leave them with a permanently damaged SIM card.
Is Your Phone Susceptible to a SIM Card Attack?
While many consumers associate the Subscriber Identification Module (SIM) solely with its ability to “give life” to a compatible phone, it actually has several security properties that are critical to the operation of a cellular network. SIM cards are used to identify every network subscriber (or user) by safely storing their International Mobile Subscriber Identity (IMSI) number and its corresponding key. They use this data to authenticate subscribers on mobile devices, while warding off eavesdroppers and other types of device attacks.
Furthermore, each SIM card also contains temporary network information, mechanisms for encryption and decryption, a personal identification number (PIN) and personal unblocking number (PUK). Barring manufacturing defects and physical damage caused by water and/or surges, most SIM cards have a long lifespan. Some users have even reported a lifespan of up to 10 years!
If you have an unlimited plan with your wireless carrier, your phone will most likely adhere to the Global System for Mobile Communications (GSM) standard and will require the use of a SIM card. This means your phone is susceptible to a SIM card attack. Phones that follow the Code-Division Multiple Access (CDMA) standard do not require SIM cards and are generally not susceptible. These are known as “burner” phones and are usually prepaid and restricted to a specific network. The exception would be CDMA phones that also support GSM (and hence, use a SIM card) and LTE-capable handsets.
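The subscriber authentication described above can be modeled as a challenge-response exchange. The sketch below is an added example, not part of the original entry: HMAC-SHA256 stands in for the carrier's real authentication algorithm, and the Sim and Network classes, IMSIs, keys and phone numbers are constructed for illustration. It shows that a SIM with the right IMSI but the wrong key is rejected, and that once the carrier's record assigns the number to a different SIM, the owner's card still authenticates but no longer receives the number's traffic.

```python
import hashlib
import hmac
import os

def _response(ki, rand):
    # Assumption: HMAC-SHA256 truncated to 4 bytes stands in for the
    # carrier's real authentication algorithm.
    return hmac.new(ki, rand, hashlib.sha256).digest()[:4]

class Sim:
    """Stores the IMSI and its key; the key is used but never returned."""
    def __init__(self, imsi, ki):
        self.imsi, self._ki = imsi, ki

    def respond(self, rand):
        return _response(self._ki, rand)

class Network:
    def __init__(self):
        self.keys = {}     # IMSI -> key held by the carrier
        self.numbers = {}  # phone number -> IMSI currently assigned

    def provision(self, number, imsi, ki):
        self.keys[imsi] = ki
        self.numbers[number] = imsi

    def authenticate(self, sim):
        ki = self.keys.get(sim.imsi)
        if ki is None:
            return False
        rand = os.urandom(16)  # fresh challenge for every attempt
        return hmac.compare_digest(_response(ki, rand), sim.respond(rand))

    def receives_traffic(self, number, sim):
        # Calls and SMS follow the carrier's number -> IMSI record.
        return self.numbers.get(number) == sim.imsi and self.authenticate(sim)

def demo():
    net = Network()
    owner = Sim("001010000000001", b"owner-key-16byte")  # constructed values
    other = Sim("001010000000002", b"other-key-16byte")
    net.provision("+15550100", owner.imsi, b"owner-key-16byte")
    net.provision("+15550199", other.imsi, b"other-key-16byte")
    forged = Sim(owner.imsi, b"guessed-key-0000")  # right IMSI, wrong key
    before = net.receives_traffic("+15550100", owner)
    net.numbers["+15550100"] = other.imsi  # number reassigned at the carrier
    return {"forged_auth": net.authenticate(forged), "before": before,
            "owner_auth_after": net.authenticate(owner),
            "owner_after": net.receives_traffic("+15550100", owner),
            "other_after": net.receives_traffic("+15550100", other)}
```

The owner_after result matches the symptoms listed in the next section: the original SIM is still valid, but calls and texts for the number go elsewhere.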
Symptoms of a SIM Card Attack
If you are the victim of a SIM card attack, you may experience one or more of the following anomalies:
“Not registered on network” or similar message. You’ll be greeted with this modal each time you attempt to make a call using Wi-Fi or your data package. Although this could be the symptom of other technical issues, it is definitely indicative of a change in your SIM card’s assignment. Start by ruling out these seven (7) other technical issues. If none of these steps fixes the issue, you very well may be the victim of a SIM card attack.
No one responds to the text messages you send. Ironically, you still may be able to send a text message without receiving an error. The problem, however, is that you won’t receive a response. These messages are likely being captured by the hacker, in hopes of gaining access to useful information.
You suddenly stop receiving phone calls and text messages. In addition to not being able to place outgoing calls and text messages, you will also notice that all incoming notifications have stopped. This is especially true if you are used to receiving lots of phone calls and text messages. Your phone will be notoriously mum, which should quickly raise a red flag.
You suddenly lose access to your email. In a strange turn of events, your phone may prompt you to re-enter the password for your email account. You will quickly learn that your latest, memorized password no longer works. Hackers know that email addresses are tied to many lucrative accounts, including those with banks, credit cards, investments, and domain name registrars. They immediately target email accounts to redirect these assets.
Unfortunately, your wireless carrier may not catch the attack right away. But you will likely receive a letter from them that looks and/or reads like this (NOTE that this letter was received nearly a month after the attack occurred!):
Steps for Remediation
A SIM card attack is invasive and probably one of the most dangerous exploits in the Information Age. Nearly everyone has a smart phone that’s loaded with personally identifiable information (PII). Learning of such an attack weeks after it occurs will do you no good. At that point, the damage will have already been done. That’s why it’s important to practice good security measures beforehand.
The following points can be used to remedy or prevent SIM card attacks:
Obtain a new SIM card. More than likely, the attack will have left your SIM card permanently damaged anyway. But even if it didn’t, it’s probably a good idea to get a new one. Most wireless carriers will give you a new one for free if they can verify that your current one is damaged or inoperable.
Change the passwords to all your online accounts. This includes your email and financial accounts.
Enable Two Factor Authentication (2FA) on all your accounts. Upon each log-in attempt, this process will require the entry of a username, password and one-time token sent to your email or short message service (SMS). If your online accounts offer Universal 2nd Factor (U2F), this is even better!
Change the call-in PIN on all your accounts, if applicable.
Monitor your credit score and credit reports. Most credit card companies make this easy. By simply logging into these online accounts, you will be able to see updates to your credit score every seven (7) days, as well as the list of factors that are impacting it.
You should also contact the credit bureaus to place fraud alerts on your account. The following is the contact information for all three (3) credit bureaus:
Experian
P.O. Box 9554
Allen, TX 75013
Equifax Information Services LLC
P.O. Box 740256
Atlanta, GA 30374
TransUnion
Fraud Victim Assistance Department
P.O. Box 2000
Chester, PA 19016
A SIM card attack is one of many ways that hackers attempt to fraudulently take over online accounts. Smart phones are hotbeds for sensitive data, from your phone conversations and text messages to local network information and services you have access to. It is not always evident when such attacks occur, which is why it’s critical to take proactive measures to safeguard your accounts and online assets. Following the tips in this glossary entry will help you to do so.