SIM Card Lock: A Simple Way to Thwart SIM Swap?
SIM Card Lock does NOT ❗ protect against SIM SWAP attacks.
Still, using a SIM Card Lock is a good practice to avoid the consequences of SIM card theft.
What is a SIM Card Lock?
A SIM card lock, also known as a SIM card PIN lock, is a security feature provided by mobile network providers to protect the SIM card from unauthorized access.
If the SIM Card Lock is activated, it requires the user to enter a PIN code every time the mobile device is powered on.
👎 If the SIM Card Lock is NOT activated and your phone is stolen, the robber will be able to use your SIM card services (e.g., make phone calls, receive 2FA messages, use your data plan) at least until you report the theft and have the SIM transferred or deactivated. But how long this may take and what can the robber do in the meantime?
- Your phone passcode can protect your phone from unauthorized access. However, the phone passcode does not protect the SIM card. And the SIM card can be easily transferred to another mobile device.
👍 If the SIM Card Lock is activated and someone steals your phone, the robber will not be able to use the SIM card at all. Good luck trying to figure out the SIM pin with only three attempts allowed.
How to Activate the SIM Lock
Activating the SIM Lock is quite straightforward.
For iPhone users
In Settings, click on the SIM PIN menu.
Enable SIM PIN and choose a PIN that you will remember but that is not too obvious (e.g., the year you were born is not a safe PIN).
For Samsung/Android Users
In Security and Privacy, click over the 'Other Security Settings' menu.
Then, click over the 'Set up SIM card lock' menu.
And Enable 'Lock SIM card'. Once again, set up a safe PIN while making it not too obvious.
What to do if You Forgot Your SIM Lock PIN
If you forget your SIM Lock PIN, you will need your SIM PUK code to unlock the SIM card.
So, before enabling the SIM Lock, it will be worth making sure that you have your PUK available and safely stored in a safe place.
An example from the Vodafone UK website.
SIM Card Lock does NOT Protect Against SIM SWAP attacks
👉 In short, unfortunately, SIM SWAP complete prevention is not possible.
But, there are ways to reduce the probability of being the victim of a SIM SWAP attack or reducing the impact if we are the victim of one.
In our recent post, 'Blockchain Capital Bart Stephens SIM SWAP Hack - Could Have Been Prevented?' we explain how Mr.Stephens lost a very considerable amount of Cryptocurrencies due to a SIM SWAP.
Telecommunications companies know that SIM SWAPs are a big threat and steps need to be taken to prevent this kind of attack:
Regulators train their sights on SIM Swap. What should telcos do?
FCC Proposes Rules to Prevent SIM Swapping and Port-Out Fraud
NOTICE OF PROPOSED RULEMAKING
But still, there are far too many cases of SIM SWAPS because human error can be minimized but not fully prevented.
Armed with sufficient information about the victim, a scammer can successfully request a SIM transfer.
What Can Be Done to Minimize the Possibility of a SIM SWAP Attack
If you are a very well-known public figure, like Mr.Stephens, you want to contact your telecommunications company and make them aware that due to your profile, you are a SIM SWAP target:
- Your telecom company should be willing to take additional steps to protect you.
- If not, it is time to start looking for a different telecom company.
If you are a known person, like a popular YouTube content creator, you may want to take steps to reduce the amount of personal data that is available on the web, that can be used to mount a SIM SWAP attack against you:
- You may want to use online tools, like HaveIBeenPwned or Dehashed to find out how much personal information about you has been made public.
- You may want to have cyber professionals looking after account takeover prevention (Dehashed has such a paid service. But you should research the best option for your situation).
If you are not a well-known public figure or if your online presence is limited, a SIM SWAP attack on you is not very probable. Still, you should take steps to minimize the impact of one.
What Can be Done to Minimize the Impact of a SIM SWAP Attack
👉 Executing successful SIM SWAP attacks demands a substantial amount of effort and preparation. Hackers or scammers typically engage in such activities when they are confident that the financial gain justifies the level of work invested.
Therefore, you must fortify any financial account or asset that is protected through SIM Two-Factor Authentication (2FA).
SIM is considered the weakest form of 2FA. Because of SIM SWAP attacks.
But there are other 2FA methods that you can consider that are safer, like security tokens.
Congratulations on completing this 5-minute digital safety power-up.
We hope this short article has helped increase your crypto safety knowledge and awareness, and the 5 minutes read was worth the time.
For more short but important articles about Crypto Safety topics, please consider subscribing to our blog.