BLOG

New Mobile Phone Hack Posing Serious Security Risks To Users

Cell phones have become an integral part of our lives, so much that it is really hard for most of us to go a day without our devices. Today, our mobile devices and phone numbers are linked to almost every account we own.

Our social media, emails, bank accounts, etc have our phone numbers linked to alert us on changes to our accounts and also enable us to authenticate we are the ones logging into an account, authorize access or password changes, etc. If you use a secure online portal or apps such as those for your bank, you may have used the One-Time-Password (OTP) security feature to authenticate your access or to confirm changes.

OTP is a security mechanism used by identity and access management systems to authenticate the identity of a user by sending a single-use password to the user’s registered mobile number or email for the user to access a website, app or database. This system is acclaimed by experts as one of the most secure ways to prevent unauthorized access to software and applications. This technology is used by most financial institutions and technology companies.

A few days ago, a previously undetected SIM card vulnerability has been identified by cybersecurity experts. This vulnerability significantly increases the risk of identity and data theft to companies and internet users. The SIM card security flaw is a very worrying problem as we know OTP relies heavily on registered mobile SIM numbers to authenticate users. Cybercriminals are exploiting this vulnerability to steal identities and data for fraud, surveillance and espionage.

The vulnerability which has been termed ‘SIMJacker’ uses a series of sophisticated techniques to bypass existing protection systems of mobile operators. The system enables hackers to gain access to user location information and SMS all with the user completely unaware. Imagine your mobile SIM is hacked, a hacker has information on your location and can send and receive SMS messages from your number. This opens an endless number of opportunities for cybercriminals to attack and scam you.

Hackers do not only have information about a victim's location but can get access to secure platforms like banking portals, social media accounts, emails, etc of the victim by exploiting this vulnerability. They can also use social engineering to deliver further attacks on victims and their loved ones to get access to confidential information and scam them. This vulnerability in certain cases is used to disable SIM cards of victims denying them of mobile and internet service.

At this time there isn’t much for consumers to do but to report any suspicious activities on their accounts to their service providers. Mobile networks have a responsibility to upgrade their security systems to be able to block such attacks and protect their subscribers.

CyberTek is a leading cybersecurity company that provides services to organizations to help identify vulnerabilities and block threats in IT infrastructures and systems. We ensure users of service providers including mobile networks and banks access and use their services in the most secure cyber environments.