What is a SIM Card Attack?
SIM card security may be compromised as a result of attacks by malicious actors. The term “SIM card attack” refers to a type of cyber-attack on a phone’s SIM card. A SIM card is an integrated circuit, known by the acronym “Subscriber Identity Module”, that stores subscriber credentials for mobile devices. SIM cards usually contain information such as phone number, subscriber ID, network information and some security keys.
SIM card attacks are usually aimed at phone number hijacking, theft of personal information or phishing. To protect against such attacks, it is important for users to increase their security awareness, use strong passwords and keep their mobile devices up-to-date.
How to Secure ICRYPEX Account Against SIM Card Attack?
Two-factor authentication options must be enabled to keep ICRYPEX users safe from SIM card attacks. In this context, verification with authenticator and verification by e-mail will increase your security level.
How to Enable Authentication with Authenticator
Before proceeding with this process, the Authenticator app from a provider you trust (e.g. Google Authenticator) must be installed on your smartphone. After installing the Authenticator app on your phone, you can activate this two-step verification option in ICRYPEX by following the steps below.
Step 1
Log in to your ICRYPEX account.
Step 2
Click on “Security” in the tabs under “Account” at the top right.
Step 3
On the screen that appears, click the “Enable” button in the “Authentication with Authenticator” field in the “Two-Step Verification” section. If you want to increase your security level even further, you can also enable the “Verification by Email” option.
Step 4
After activating the “Authentication with Authenticator” option, you need to scan the QR code on the screen that appears on this screen through the authenticator application installed on your smartphone. If you have problems scanning the QR code through the authenticator app, you can also enter the key you were given into the authenticator app. After that, enter the code that Authenticator will give you in the “Verification Code” field and press the “Verify” button.
Step 5
Log out of your ICRYPEX account and then when you try to log back into your account, you will see “Authentication with Authenticator” appear on the login screen. From this stage onwards, respectively;
- If your e-mail verification option is enabled, press the “Send Code” button in the “E-mail Verification” section and then enter the code sent to your e-mail address in the specified section,
- If phone verification is enabled, press the “Send Code” button in the “Phone Verification” section and enter the code sent to your phone via SMS,
- Finally, open your authenticator app and enter the code generated for ICRYPEX in the “Verify with Authenticator” field and then click the “Verify” button at the bottom of the page to log in to your account.
Even if your SIM card is compromised in an attack, you will still be authorized to access your account because authentication with authenticator is enabled.
What can be done for ICRYPEX Account Security in case of a SIM Card Attack?
If you think you have been hacked and want to secure your ICRYPEX account, you can follow the steps below.
- If you are able to log in to your account, please disable “Verification by Phone” and enable “Verification by Authenticator” and/or “Verification by E-Mail” from the “Two-Step Verification” section in the member panel after logging in.
- You can contact live support and inform them that your SIM card has been stolen and you would like to freeze your account. In this case, your account will be frozen as soon as possible and no one, including you, will be able to log in to your account.
- You can call our customer service phone number (0850 255 10 79). When you call from a different phone number, your account will be frozen as soon as possible if you provide your account information (registered name-surname, e-mail address and phone number) to our customer representatives and provide information about the subject.
- Once you have secured your account, you can change your registered phone number by sending a request for a phone number change to [email protected].
- Once you are sure of the security of your account, you must call our customer service to make your account available again. After the necessary investigations, your account will be reinstated if there is nothing suspicious.
- Be sure to change your password and update your two-step verification options when your account becomes available.
If you think you have been hacked on SIM card or other issues, you can quickly get support from ICRYPEX’s expert team and ensure the security of your account. If you have any questions, you can contact our communication channels below.
?️ Live support
? 0850 255 10 79
Some of the SIM Card Attack Types
Although the types of SIM card attacks vary, they have a single goal. And that is to benefit the users. With SIM card theft, attackers can access users’ account information and cause them financial and moral damage. Some of the SIM card attack techniques are as follows;
SIMJacker
This type of attack is caused by a bug in SIM cards called SIMJacker. A short SMS sent to users creates a backdoor (exploit) for orchestrating the attack on the SIM card.
How does it happen?
The SIMJacker attack starts with an SMS sent to the users’ smartphone. This SMS allows the SIM to disclose certain data or makes it possible to control the device on which the SMS is transmitted. Moreover, this type of attack can target all smartphone operating systems, whether Android or IOS.
The data to be extracted from the SIM card includes specific information such as cell ID, device IMEI, etc., which helps to locate users. By delivering the obtained data to another device, users’ phone calls can be listened to, credit card information can be intercepted, etc. users can be harmed by access to a lot of personal information.
SIM Swap
This fraud method, which can be translated into Turkish as SIM swap, is the capture of personal information by accessing the data stored on the SIM card and using this captured information for profit and exploitation. It can be summarized as a hacker transferring a user’s phone number to a SIM card.
How does it happen?
The victim’s personal information is collected through social engineering methods. Once this information has been collected, the attacker pretends to be the victim and calls the user’s mobile operator, telling them that the phone has been lost and that the SIM card is inside, with the attacker demanding that the number be transferred to the SIM card in their possession.
If this process is successful, the accounts of users who have chosen SMS as their security verification method can be compromised. Messages can also be sent to the victim’s SIM-registered numbers, again in an attempt to defraud them.
SIM Cloning
Duplicate SIM cards are defined as SIM cloning. There are 2 types of SIM cloning: legal and illegal. Each SIM card is equipped with three basic codes. The International Mobile Subscriber Identifier (IMSI), which identifies SIM data on international networks, the ICCID code, which identifies the serial number of the SIM card, and the KI code, a key that identifies and protects the card on the network. If this data is obtained, SIM card cloning can take place.
How does it happen?
SIM card cloning requires software that reads IMSI, ICCID and KI codes. This software transfers the data read on the SIM card to be cloned to the new SIM card. After the cloning process is complete, both SIM cards are available for use. If one SIM card is switched on, the other is switched off.
WIB Attack
The WIB attack works like SIMJacker. It relies on exploiting little-known applications running on SIM cards to interfere with user devices. If this attack is successful, the attacker can send text messages, initiate calls, open the user’s web browser to the desired sites, display text and send location information.
How does it happen?
The WIB attack works with a specially crafted SMS text containing codes. The attacker remotely takes control of the victim’s cell phone by exploiting vulnerabilities in the WIB SIM browser by sending a malicious SMS to the victim’s phone number. Afterwards, it can perform actions such as sending sms, making phone calls, learning the victim’s location, launching other browsers.
These are just some of the SIM card attacks. Over the years, some may become inactive. New types of attacks may also emerge. All of them are caused by some kind of security vulnerability.
How to Stay Safe from SIM Card Attacks
If you don’t want to be exposed to such attacks via your SIM card, there are some methods you can personally implement. If you follow them, you are less likely to be attacked.
Here’s what you can do to stay as safe as possible from SIM card attacks;
- Avoid sending sensitive data over Wi-Fi in public areas. In fact, if possible, avoid using Wi-Fi connections in public places.
- Use a two-factor verification method.
- Choose strong passwords and use different passwords for each account.
- Avoid sharing your passwords, leaving them written down and storing them as files.
- Beware of phishing websites and fake campaigns.
- Use an antivirus program on your desktop and mobile devices.
- Shop from trusted websites.
- Keep data sharing on social networks to a minimum.
- Download software only from trusted sources.
- Beware of fake contests and links spread through social media.
- Avoid visiting websites that do not have an HTTPS certificate.
- Keep all your so-called smart devices such as computers, cell phones and tablets up-to-date.
- Learn about cyber security.
- Opt for a virtual credit card if possible.
How to Recognize a SIM Attack?
SIM card attacks can often happen without the user being aware of it, but some symptoms can be a sign to recognize such an attack. Here are some signs to recognize when a SIM card has been hacked;
Anomalies in Wireless Networks: SIM card attacks can cause anomalies in the device’s connection to wireless networks. If your phone suddenly or unexpectedly connects to another network, it is important to check this situation.
Anomalies in your phone bill: Attackers can hijack your SIM card and use it in a different device. This may cause anomalies in your phone bill, such as unexpected data usage or international calls.
Unknown Messages or Calls: As a result of a SIM card attack, messages or calls from unknown numbers may increase. This could mean that the SIM card has been compromised or used in another device.
Changes to Personal Information: There is a possibility that your personal information could be changed through a SIM card attack. If you notice unexpected changes in your phone book, anomalies in your personal information, you should take this into account.
Loss of Mobile Service: Attackers can affect your mobile service through attacks on the SIM card. If you are experiencing an unexpected loss of service on your phone, it is important to check that your SIM card is safe.
Anomalies in your Bank or Other Accounts: SIM card attacks can involve access to bank accounts or other online accounts via security codes delivered via SMS. If you notice abnormal activity on your accounts, you should consider this in terms of SIM card security.
If you notice any of the above symptoms or have any doubts about your SIM card security, you should immediately contact your mobile operator and follow the steps we have outlined to ensure your ICRYPEX account security.