SIM swapping makes your phone vulnerable

In today’s age of cutting-edge technology, securing your data is as important as upgrading to faster and better kit. In 2017 alone, we have seen some deadly cyber attacks crippling most of the economic superpowers around the world, affecting computers as well mobile platforms. While the renowned names of the tech industry are pushing for secure ecosystems, hackers are always on the lookout for new ways to steal data. One such way known to cyber experts is SIM swapping.

SIM swapping is the term used to describe hijacking of one phone number, thus getting access to all other information linked to it. This is a well-known problem in the United States and is claimed to happen once in every three to four days. The whole process is carefully planned and makes it difficult for both the operator as well as the victim to figure out the problem before considerable damage has taken place.

This is how it works — banks and other financially related institutions rely on a phone number to verify an individual’s identity. Your phone number is key to perform an online transaction through One Time Passwords (OTP) and therefore, becomes a great medium to steal and conduct malicious operations. Hackers need a functioning copy of your SIM card, thereby calling the operator imitating the customer. They report the SIM as lost/damaged and request a new functioning copy of the SIM card adhering to the same phone number. They also work out all the possible answers to the security questions to refrain from arousing any suspicion.

Once the process is done and the SIM card is delivered, they can simply make transactions according to their will by authenticating them through OTPs. As for the victim, he/she experiences discontinuation of services without any notice. Even if they report, then by the time they understand that something is wrong, considerable damages would have already been done.

If you are wondering how hackers can make out the login/access details, then you must be forgetting about phishing attacks through emails as well as the dark web — a place where all the information that the civilised world calls classified, is up for grabs to the highest bidder.

SIM swapping is an issue that anybody can fall prey to, regardless of a secure hardware or software. It is a problem where neither the customer nor the service provider can do much, apart from ensuring additional stringent security measures. Certain service providers in the US provide their customers with a unique password that is required while contacting the customer care. Some IT firms are also developing specialised software for use by operators to detect such fraud taking place.

However, in countries like India, operators need to get hold of stringent security measures to protect their customers from falling prey to such attacks. Most operators in India have a rudimentary form of customer verification system, where all they ask is the name and the phone number, with no security questions in place. This, therefore, looks like an open invitation to a widespread cyber attack, waiting to happen. All these operators can do for now at least is to adopt the unique password system from the western world before some robust system takes form.

As for consumers, sharing of important information on social media needs to be done carefully. One should never respond to emails and SMSes from people whom you have no idea about. Refrain from giving out any critical information to any unknown person imitating an official representative. Also, if you notice sudden discontinuity of your mobile service, report to the operator or your bank immediately to suspend the phone number from your accounts.

With inputs from Motherboard

Also published on Deccan Chronicle