Author: Cobo Vault security trainee
In September 2019, the network security company Adaptive Mobile discovered Simjacker, a serious vulnerability in SIM cards. Recently, the company announced a list of countries vulnerable to Simjacker attacks, covering 29 countries on five continents.
What is SIM card fraud?
How SIM Fraud Attacks Steal Your Money
We have already mentioned the ways scammers obtain cloned SIM cards. Stealing assets is often one of the attackers' main goals. In today's payment and account security environment, 2FA verification is often achieved through SMS verification codes, which also relies on the relatively complete real-name system in China. After gaining control of someone else's SIM card, the attacker can go on to obtain private personal information through services such as iCloud or email. Ask yourself: have you saved a photo of your ID card or driver's license on your mobile phone? These photos or this information may have been silently uploaded to your cloud storage account by some cloud software. Once the attacker has collected this information, it can be used to withdraw the assets in your personal accounts, or simply to take out loans in your name from multiple online lending institutions.
What's even more frightening is that the attackers often don't need identity information at all, because most users try to save trouble or don't understand basic transaction security. Only the mobile phone number, SMS verification code and password are needed to complete a series of steps such as transaction, withdrawal and issuance.
If your mobile phone suddenly loses signal where it normally works and the outage lasts a long time, you must be more vigilant.
After multiple reboots to no avail, he contacted his local mobile operator, only to learn that the SIM card had been reported as lost or stolen and asked the author to activate it on another SIM card.
1. Never use weak passwords
Once the attacker has your SIM card, entering your PIN is the only step left before money can be withdrawn. So if you are using weak passwords, or passwords related to personal information, the last line of defense will be breached.
In the current payment and transaction environment, some services apply IMEI identification as a security precaution. Every time a user logs in and makes a transaction, the system verifies whether the current IMEI belongs to a device that has logged in before.
3. For important accounts, use 2FA verification similar to Google Authenticator
Do not use SMS verification codes as 2FA verification for your transactions!
4. You can consider using a cold wallet as the last line of defense to protect coins.