Security Risk

SIM Card Security Risks

That tiny chip in your phone is a major security vulnerability. From remote exploitation to identity theft, SIM cards present risks that most people never consider. Learn how to protect yourself from SIM-based attacks.

SIM Swap Attacks Rising: The FBI reports SIM swap fraud complaints increased 400% from 2018-2021, with losses exceeding $68 million in 2021 alone.

What Your SIM Card Actually Does

A SIM (Subscriber Identity Module) card is a small computer that stores your cellular identity. It contains:

Identity Data

IMSI - Your unique subscriber ID
Ki - Secret authentication key
ICCID - SIM card serial number
LAI - Location area information

Processing Capabilities

Run applications (SIM Toolkit)
Receive remote commands via SMS
Store contacts and messages
Execute cryptographic operations

Known SIM Card Vulnerabilities

Security researchers have discovered serious vulnerabilities in SIM card technology that affect billions of devices worldwide.

Simjacker Attack

critical

CVE-2019-16256

Allows attackers to track location, intercept calls, and retrieve sensitive data by sending specially crafted SMS messages to the SIM card's S@T Browser.

Affected: 1 billion+ SIM cards worldwideDiscovered: 2019

WIBattack

high

Similar to Simjacker, exploits the Wireless Internet Browser (WIB) on SIM cards to execute commands without user awareness.

Affected: Hundreds of millions of SIMsDiscovered: 2019

SIM Swap Fraud

critical

Social engineering attack where criminals convince carriers to transfer your phone number to their SIM, gaining access to 2FA codes and accounts.

Affected: All SIM usersDiscovered: Ongoing

Remote OTA Updates

medium

SIM cards can receive over-the-air updates that modify their behavior. Malicious updates could add surveillance capabilities.

Affected: Most modern SIMsDiscovered: Architecture flaw

Foreign-Manufactured SIM Risks

The origin and supply chain of your SIM card matters. Here are security concerns related to foreign manufacturing.

high

Manufacturing Origin

Many SIM cards are manufactured in China, even for US carriers. The manufacturing process could include backdoors or surveillance capabilities.

medium

Firmware Source

SIM card operating systems (JavaCard, MULTOS) may contain code from foreign sources that hasn't been fully audited.

critical

Cryptographic Keys

The encryption keys (Ki) programmed into SIMs during manufacturing could be retained by foreign manufacturers or governments.

medium

Supply Chain Integrity

SIM cards pass through multiple suppliers and distributors, creating opportunities for tampering before reaching consumers.

Major SIM Card Manufacturers

Understanding who makes SIM cards can help you make informed choices about your cellular security.

Manufacturer	Country	Market Share	Status	Notes
Thales (Gemalto)	🇫🇷France	~30%	Safe	Major Western manufacturer, acquired Gemalto in 2019
Giesecke+Devrient	🇩🇪Germany	~25%	Safe	German security company, trusted by major carriers
IDEMIA	🇫🇷France	~20%	Safe	Formed from merger of Morpho and Oberthur Technologies
Eastcompeace	🇨🇳China	~10%	Caution	Chinese state-owned enterprise, supplies some budget carriers
KONA I	🇰🇷South Korea	~5%	Safe	Korean manufacturer, supplies Asian markets

Warning Signs of a SIM Swap Attack

SIM swap attacks happen quickly. Recognizing these signs can help you respond before attackers gain access to your accounts.

Sudden loss of cellular service

Unable to make calls or send texts

Notifications about account changes you didn't make

Receiving 'SIM not provisioned' errors

Emails about password resets you didn't request

Locked out of your online accounts

If you suspect a SIM swap: Contact your carrier immediately from a different phone. Then change passwords for your critical accounts (email, banking) from a secure device.

How to Protect Your SIM Card

Follow these steps to reduce your risk from SIM-based attacks.

Enable SIM PIN

Set a PIN code that must be entered when your phone starts. This prevents unauthorized use if your SIM is stolen.

1Go to Settings > Security (or Cellular)
2Find 'SIM card lock' or 'SIM PIN'
3Enable and set a 4-8 digit PIN
4Store the PIN securely - you'll need it on reboot

Add Account PIN with Carrier

Set up an additional PIN or password that must be provided for any account changes, protecting against SIM swap attacks.

1Contact your carrier's customer service
2Request to add an account security PIN
3Choose a unique PIN not used elsewhere
4Enable 'port freeze' if available

Consider eSIM

eSIMs are embedded in your phone and cannot be physically stolen. They also can't be swapped at a store without your authentication.

1Check if your phone supports eSIM
2Check if your carrier offers eSIM
3Request to convert to eSIM
4Keep your physical SIM as backup

Monitor for Suspicious Activity

Watch for signs that your SIM or account may have been compromised.

1Set up account alerts for any changes
2Check for unexpected service interruptions
3Review your monthly bill for unknown charges
4Be wary of calls claiming to be from your carrier

Should You Switch to eSIM?

eSIM Advantages

Cannot be physically stolen or removed
Harder to swap at a store without authentication
Can have multiple profiles on one device
Remote provisioning is more secure
No supply chain physical tampering risk

eSIM Limitations

Not all phones support eSIM
Not all carriers offer eSIM
Can't easily swap between devices
Still vulnerable to carrier-side attacks
International travel may be more complex

Learn More About Mobile Security

SIM security is just one part of protecting your cellular identity. Explore more topics to build a complete security strategy.

Safe Phone Options Carrier Security

What Your SIM Card Actually Does

A SIM (Subscriber Identity Module) card is a small computer that stores your cellular identity. It contains:

Identity Data

IMSI - Your unique subscriber ID
Ki - Secret authentication key
ICCID - SIM card serial number
LAI - Location area information

Processing Capabilities

Run applications (SIM Toolkit)
Receive remote commands via SMS
Store contacts and messages
Execute cryptographic operations

Known SIM Card Vulnerabilities

Security researchers have discovered serious vulnerabilities in SIM card technology that affect billions of devices worldwide.

Simjacker Attack

critical

CVE-2019-16256

Allows attackers to track location, intercept calls, and retrieve sensitive data by sending specially crafted SMS messages to the SIM card's S@T Browser.

Affected: 1 billion+ SIM cards worldwideDiscovered: 2019

WIBattack

high

Similar to Simjacker, exploits the Wireless Internet Browser (WIB) on SIM cards to execute commands without user awareness.

Affected: Hundreds of millions of SIMsDiscovered: 2019

SIM Swap Fraud

critical

Social engineering attack where criminals convince carriers to transfer your phone number to their SIM, gaining access to 2FA codes and accounts.

Affected: All SIM usersDiscovered: Ongoing

Remote OTA Updates

medium

SIM cards can receive over-the-air updates that modify their behavior. Malicious updates could add surveillance capabilities.

Affected: Most modern SIMsDiscovered: Architecture flaw

Major SIM Card Manufacturers

Understanding who makes SIM cards can help you make informed choices about your cellular security.

Manufacturer	Country	Market Share	Status	Notes
Thales (Gemalto)	🇫🇷France	~30%	Safe	Major Western manufacturer, acquired Gemalto in 2019
Giesecke+Devrient	🇩🇪Germany	~25%	Safe	German security company, trusted by major carriers
IDEMIA	🇫🇷France	~20%	Safe	Formed from merger of Morpho and Oberthur Technologies
Eastcompeace	🇨🇳China	~10%	Caution	Chinese state-owned enterprise, supplies some budget carriers
KONA I	🇰🇷South Korea	~5%	Safe	Korean manufacturer, supplies Asian markets

Should You Switch to eSIM?

eSIM Advantages

Cannot be physically stolen or removed
Harder to swap at a store without authentication
Can have multiple profiles on one device
Remote provisioning is more secure
No supply chain physical tampering risk

eSIM Limitations

Not all phones support eSIM
Not all carriers offer eSIM
Can't easily swap between devices
Still vulnerable to carrier-side attacks
International travel may be more complex