October 21, 2019

What Is A SIM Port Hack?

By Tobias Geisler Mesevage
Port ScanningDatto Managed SOC

An increasingly hyper-connected world means greater flexibility for your employees. However, with remote access to network systems via multiple devices, you may be introducing more vulnerable access points to your company. Case in point, the mobile phone.

While many businesses allow for endpoint connections to a secure network — and have begun implementing steps to protect those endpoint connections — some of those security steps are now proving to be the most insecure.

In August 2019, news broke that a group of hackers had gotten control of Twitter CEO Jack Dorsey’s Twitter account using a SIM port hack. In the most simple terms, the group had convinced Dorsey’s mobile carrier to assign Dorsey’s number to a new phone they controlled.

SIM port hacks, also referred to as SIM swapping or SIM hijacking are the newest method hackers have found of accessing someone’s online accounts or secure networks.

In this article, we explain what a SIM port hack is and how to protect yourself from one.

What Is A SIM Port Hack?

At its most basic, a SIM port hack involves a hacker who has convinced your mobile phone carrier to activate your phone number on another device. They are looking for an entry point to gain access to your secure network or any number of your online accounts.

To execute a SIM port hack, hackers must first gather personal information about a victim, usually via phishing or buying the information from an online marketplace.

Once personal information is obtained, the hacker reaches out to the victim’s mobile phone carrier and convinces the company to port the victim’s phone number to a different SIM. Hackers use the personal information they’ve obtained to authenticate the account.

Once the SIM port hack has been completed, all of the victim’s phone calls and text messages will start coming into the hacker’s phone. Access to a victim’s phone allows the hacker to obtain one-time passwords or verification codes sent to the victim. This helps them break the security features on a secure network or email accounts, to access even more information.

Businesses need to be aware of and protect themselves from this type of hack by implementing tools and security features.

Protect Yourself From A SIM Port Hack

Many businesses allow for Bring Your Own Device (CYOD) programs. To make these programs work, there are several things that network security administrators should do to avoid the consequences of a SIM port hack:

  1. Educate employees on how to avoid phishing attempts and look out for the warning signs of a SIM port attack.
  2. Request a port validation feature for your account. This would require another password for your SIM to be ported to another device.
  3. Require someone in the company approves all SIM transfers.
  4. Use a hardware or software key for added security, instead of two-factor authentication.

Protecting your employee’s devices from SIM port hacking should be just one part of any business’ Disaster Recovery Plan.

To learn more about how to strengthen your business’ network security and implement endpoint protection, contact Datto.

Suggested Next Reads