cross-posted from: https://midwest.social/post/9868784

SIM swappers have adapted their attacks to steal a target’s phone number by porting it into a new eSIM card, a digital SIM stored in a rewritable chip present on many recent smartphone models.

  • Slayer@infosec.pub
    link
    fedilink
    English
    arrow-up
    7
    ·
    7 months ago

    Now, attackers breach a user’s mobile account with stolen, brute-forced, or leaked credentials and initiate porting the victim’s number to another device on their own.

    They can do this by generating a QR code through the hijacked mobile account that can be used to activate a new eSIM. They then scan it with their device, essentially hijacking the number.

    Simultaneously, the legitimate owner has their eSIM/SIM deactivated.