
SIM swapping is a dangerous cyberattack that allows attackers to gain control over your phone number. In this article, you will learn how SIM swapping works, what methods hackers use to gain access to your confidential information, and what real-life incidents have resulted from this attack. We will also look at effective protection methods that will help you avoid financial losses and account takeovers, along with tips for improving your security and minimizing the risk of becoming a victim of SIM swapping.
SIM swapping, also known as SIM jacking, is a type of cyberattack in which fraudsters trick a mobile operator into porting a victim’s phone number to a SIM card under their control. This allows attackers to intercept calls and SMS, gain access to sensitive data, and hack into accounts that use the phone number for authorization.
To understand how SIM swapping works, it is important to consider the different steps involved in this malicious technique:
Collecting personal information: First, the attacker collects data about the victim, such as full name, date of birth, and mobile phone number. This information can be obtained through social engineering, data leaks, or open sources. The more details the scammer has, the easier it is for them to convince the mobile operator.
Impersonating the victim: Armed with personal information, the attacker contacts the mobile operator, posing as the owner of the number. They claim to have lost the phone or SIM card and ask to activate a new SIM card with the same number. In some cases, scammers use fake documents to verify their identity.
Number porting: If the operator agrees, the phone number is redirected to the scammer’s SIM card. From now on, all calls and messages sent to the victim will be received by the attacker, and the real owner of the number will lose mobile connectivity.
Unauthorized access to accounts: By controlling the number, an attacker can bypass two-factor authentication (2FA) via SMS codes. This opens the way to email, bank accounts, cryptocurrency wallets, and other important services. Using the access gained, the fraudster can change passwords, confirm financial transactions, and cause significant losses to the victim.
To protect against SIM swapping attacks, consider implementing the following preventive measures:
Additional protection: Use the security options offered by your mobile operator. For example, you can set a PIN or password for any SIM-related changes. This will make it impossible to transfer your number without entering the correct code, which will significantly reduce the risk of unauthorized SIM swapping.
Restrict public information: Be careful about what personal information you post on social media or share with third parties. The more information an attacker has, the easier it is for them to impersonate you and convince your operator to activate a new SIM card.
Alternative authentication methods: Avoid using SMS codes to confirm your login. More secure alternatives are two-factor authentication (2FA) apps or hardware security keys (such as YubiKey). Neither depends on your phone number, so nothing is sent over the mobile network for an attacker holding your SIM to intercept, which significantly reduces the risk of SIM swapping fraud.
SIM swapping attacks are becoming an increasingly serious problem for individuals and organizations because of the financial and personal losses they can cause. Here is some additional information to deepen your understanding of this cyberattack:
Legal aspects: The legal framework for SIM swapping varies from country to country. In some countries, the practice is considered a criminal offense, while in others there are no clear legal provisions regarding such attacks. This can make it difficult to prosecute perpetrators, and the responsibility for protecting personal data often falls on the victims themselves.
High-profile cases: SIM swapping has repeatedly attracted media attention in recent years, as victims of this fraudulent scheme have lost significant funds and sometimes access to important personal or professional information. These cases highlight the danger of such attacks and the need to increase digital literacy to prevent fraud.
Countering the threat: Recognizing the scale of the problem, mobile operators and cybersecurity companies are actively improving protective mechanisms. These include enhanced user identification procedures, stricter control of SIM card activation, and real-time monitoring systems for suspicious activity that help detect fraud attempts.
In summary, SIM swapping is a dangerous type of cyberattack that poses serious risks to both individuals and companies. Understanding the mechanics of this fraudulent scheme and implementing security measures will help minimize the threat and avoid financial and personal losses. By practicing digital hygiene and using secure authentication methods, you can significantly reduce the risk of becoming a victim of SIM swapping.
We explain what the danger is for organizations and how to protect yourself from such attacks.
This attack technique has been around for a long time, but it remains relevant due to its high effectiveness. SIM swapping poses a serious threat to businesses, as attackers can use it to gain access to corporate communications, important accounts and financial data of companies.
Most often, fraudsters target text messages, in particular one-time verification codes that are received via SMS. Having gained access to these codes, they can log in to the victim’s accounts and confirm financial transactions.
The process of SIM swapping can occur in various ways. Sometimes the attackers’ accomplices work in communication salons or in the offices of mobile operators, which allows them to activate a new SIM card unnoticed. In other cases, fraudsters deceive operator employees using fake documents or social engineering methods.
The main problem is that SIM cards and mobile numbers are used for purposes they were not designed for. They were not created as universal identifiers, but over time they have become the key to many services. Because of this, SMS verification codes can become a weak point in the security system: one convincing call to the operator is enough for the attacker to obtain a new SIM card with your number.
For companies, a SIM swapping attack most often means financial losses. Recently, cryptocurrency assets have become particularly attractive to hackers, as they are quickly transferred, easy to steal, and the owners are more difficult to identify. At the same time, this method can be part of an even larger attack aimed at compromising businesses or high-ranking officials.
Here, for example, is a recent case: on January 9, 2024, the Twitter account of the U.S. Securities and Exchange Commission (SEC) posted a message stating that the SEC had finally approved the listing of Bitcoin exchange-traded funds on U.S. exchanges.
This positive development for Bitcoin had been long awaited, so the news did not seem far-fetched. Unsurprisingly, after the tweet was published, the price of Bitcoin soared by about 10%, to $48,000.
The tweet was later deleted and replaced with a message that the SEC account had been compromised. The next day, X/Twitter released a statement saying that its systems had not been hacked and that the incident was caused by an attacker gaining access to the phone number linked to the SEC account. Presumably, the attacker profited from the jump in the price of Bitcoin that followed the fake announcement.
Towards the end of January, the US Securities and Exchange Commission confirmed that their Twitter account had been hacked using SIM swapping. It turned out that two-factor authentication (2FA) had previously been used to protect the account, but in July 2023, it was disabled at the request of SEC staff due to difficulties logging in. After the technical problems were resolved, 2FA was never turned back on, which left the account vulnerable to the attack that occurred in January.
It recently became known that one of the largest crypto heists in history was carried out using SIM swapping: the theft of $400 million from the FTX crypto exchange in the fall of 2022.
Initially, suspicion fell on the founder of FTX, Sam Bankman-Fried, but further investigation showed that he was probably not involved in this crime. Recently, formal charges were brought against a group of cybercriminals led by Robert Powell. It was this organized criminal group that carried out the attack and embezzled hundreds of millions of dollars using the SIM swapping technique.
The indictment reveals that this robbery was neither the first nor the last for this group of cybercriminals. They used SIM swapping repeatedly, and their victims number in the dozens. In addition to the FTX case, the documents mention at least six other cases of successful theft of large sums of money. The scheme worked as follows:
Victim selection and data collection: First, the fraudsters searched for a target and collected their personal data.
Creating fake documents: One of the accomplices produced fake documents in the victim’s name, but with a photo of another criminal who was supposed to receive a new SIM card.
Obtaining a SIM card: Using these documents, the accomplice went to the mobile operator’s office and changed the victim’s SIM card to their own.
Accessing finances: The fraudsters then used the SIM card to intercept SMS codes needed to log into bank accounts and approve financial transactions.
Stealing funds: Using the intercepted codes, the criminals transferred money to their own accounts.
Interestingly, the very next day after the FTX robbery, the same criminals pulled off a similar scheme, stealing another $590,000 from a private individual.
As the above cases show, when significant amounts of money are involved, the SIM card and two-factor authentication (2FA) via SMS can be the weakest point in security. SIM swapping attacks are extremely effective, so there is no doubt that fraudsters will continue to use this method in the future.
Use alternative methods for linking accounts. If possible, avoid using a phone number to link accounts. Use email or other methods of identification instead.
Turn on notifications for new logins. Activate notifications for logins to detect unauthorized actions in time. Check for such notifications regularly and respond immediately to any suspicious activity.
Do not use SMS for two-factor authentication. If possible, avoid 2FA via SMS codes, as they can be intercepted in a SIM swapping attack.
Choose secure 2FA methods. The best alternatives are authenticator apps (Google Authenticator, Authy) or FIDO U2F hardware keys (e.g. YubiKey), which are much more difficult to forge or steal.
Use strong passwords. Passwords should be unique, long, and random. It is best to generate them using password managers, which will also help you store them securely.
Protect your devices. Make sure to secure devices that store passwords and have authenticator apps installed. Use antivirus software and data encryption, and avoid installing suspicious software.
By following these measures, you will make it much more difficult for attackers to steal your data, and you will protect your finances and accounts from SIM swapping attacks.
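The measures above can be checked across an organization's accounts. The following Python sketch is an added example, not part of the original article: it flags accounts that a hijacked phone number alone could take over, including the SEC-style case of 2FA switched off and never re-enabled. The inventory, account names and field names are constructed assumptions.

```python
from datetime import date

PHONE_BOUND = {"sms", "voice"}          # factors that follow the phone number
SEVERITY = {"critical": 0, "high": 1, "medium": 2}

# Constructed sample inventory; account and field names are assumptions.
ACCOUNTS = [
    {"name": "corp-social", "mfa": [], "recovery": ["sms"],
     "mfa_disabled_on": date(2023, 7, 1)},
    {"name": "exchange-wallet", "mfa": ["sms"], "recovery": ["email"]},
    {"name": "payroll", "mfa": ["totp", "sms"], "recovery": ["email"]},
    {"name": "admin-console", "mfa": ["fido2"], "recovery": ["email"]},
]


def audit(account, today, max_disabled_days=7):
    """Return (severity, reason) findings for one account, worst first."""
    mfa = set(account.get("mfa", []))
    recovery = set(account.get("recovery", []))
    findings = []
    if not mfa and recovery & PHONE_BOUND:
        findings.append(("critical", "no MFA and password reset goes to the phone number"))
    elif not mfa:
        findings.append(("high", "no MFA enabled"))
    elif mfa <= PHONE_BOUND:
        findings.append(("high", "every second factor is delivered to the phone number"))
    elif mfa & PHONE_BOUND:
        findings.append(("medium", "SMS fallback is enabled next to a stronger factor"))
    if mfa and recovery & PHONE_BOUND:
        findings.append(("medium", "account recovery relies on the phone number"))
    disabled = account.get("mfa_disabled_on")
    if not mfa and disabled and (today - disabled).days > max_disabled_days:
        findings.append(("high", f"MFA disabled since {disabled} and not re-enabled"))
    return sorted(findings, key=lambda f: SEVERITY[f[0]])


def exposure_report(accounts, today):
    """Map account name -> worst severity; accounts with no findings are omitted."""
    report = {}
    for acct in accounts:
        findings = audit(acct, today)
        if findings:
            report[acct["name"]] = findings[0][0]
    return report


if __name__ == "__main__":
    for name, worst in exposure_report(ACCOUNTS, date.today()).items():
        print(f"{worst:8} {name}")
```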
SIM swapping is a fraudulent scheme in which an attacker impersonates the owner of a number in order to convince a mobile operator to issue a new SIM card. This uses social engineering techniques, where the fraudster claims that their phone has been lost, stolen, or damaged, when in fact the number belongs to someone else. Once they have control over the number, the attacker can intercept calls and SMS, which makes it easier to steal personal information.
To better understand this scheme, you need to understand what a SIM card is. It is a small chip issued by a mobile operator that allows you to make calls and send text messages. Many services use the number tied to this chip to verify a person's identity, which makes the SIM card an attractive target for fraudsters.
To perform a SIM card swap, attackers first collect as much personal information about the victim as possible. This allows them to more convincingly impersonate the owner of the number when communicating with a mobile operator, using social engineering techniques. Having received the necessary information, they contact the mobile operator, stating that the phone was allegedly lost or damaged along with the SIM card.
Often, scammers claim that they already have a new device and all they need to do is activate a new SIM card. If the operator agrees and fulfills the request, the phone number automatically passes under the control of the attacker. This means that all calls and text messages that should come to the victim are redirected to the scammer’s device.
This type of attack is especially dangerous because it opens up access not only to phone conversations, but also to critical information. Attackers can receive calls from banks and other financial institutions, as well as intercept SMS with verification codes and password resets. This allows them to log into the victim’s personal accounts even without knowing the password, making SIM card swapping a powerful tool for stealing confidential data and financial resources.
In February 2022, the US Federal Bureau of Investigation (FBI) published an official warning about the increase in the number of attacks related to SIM card swapping.
According to the Internet Crime Complaint Center (IC3), from January 2018 to December 2020, 320 complaints related to SIM swapping were received. The total amount of damage from these attacks amounted to about $12 million.
However, in 2023, the number of such cases increased more than fivefold, reaching 1,611 complaints. As a result, financial losses exceeded $68 million.
These statistics demonstrate that SIM swapping is one of the most dangerous cyberattacks, causing serious financial and personal losses every year.
Here are some signs that your SIM card may have been replaced.
Your mobile connection suddenly disappears. You can no longer make or receive calls, or send or receive text messages. This is one of the most obvious signs that your SIM card has been swapped.
Unauthorized financial transactions. Suspicious transactions have appeared in your bank accounts. Criminals who have gained control of your number can use it to access your bank accounts and make payments.
Unexpected messages from your operator. You have received SMS messages with verification codes that you did not request. This could mean that a fraudster is trying to log into your accounts or is changing your SIM card.
Notification of new device activation. You have received a message from your mobile operator that a new device or SIM card has been successfully activated, although you did not request it.
If you notice at least one of these signs, immediately contact your mobile operator, check access to your accounts, and change important passwords.
Using multi-factor authentication significantly increases the security of your accounts, as you need to verify your identity using multiple methods to log in. If scammers get your login details, MFA will prevent them from logging in without additional verification.
It’s best to use authentication methods that don’t rely on SMS, as a verification code sent via text message can be intercepted in a SIM swapping attack. Instead of SMS, use authentication apps (e.g. Google Authenticator, Authy) that generate time-based one-time passwords (TOTP). Some password managers can also store and generate TOTP codes, so you can retrieve them from any device without risking losing access.
Scammers do a thorough job of researching their victims before contacting their mobile operator. They may gather information through Google searches, social media, or phishing attacks. In some cases, they use malware to get more data.
To minimize the risk, you should limit access to your personal information and avoid posting information that could help attackers impersonate you.
Each account should have a unique, random, and complex password. This, along with MFA, greatly increases the level of security. To make it easier to store and generate passwords, we recommend using password managers.
In addition to the convenient autofill of login fields, password managers protect you from keyloggers that can record keystrokes and steal login details.
Some mobile carriers offer protection against fraudulent SIM card swap attacks. For example, companies like AT&T, T-Mobile, and Efani offer additional layers of security.
It’s worth clarifying whether you need to manually activate SIM card protection or if it’s applied automatically. If your mobile operator doesn’t have such security measures, you should consider switching to a more secure provider.
SIM swapping is a dangerous cyberattack that allows attackers to gain control of your phone number, which gives them access to financial accounts, social networks, and personal data. Using social engineering, scammers can convince your mobile operator to transfer your number to a new SIM card, after which all calls and messages will be sent to them.
To protect yourself, it’s important to abandon SMS authentication, use strong passwords, and enable multi-factor authentication (MFA) via apps or hardware keys. You should also limit public access to personal data and check if your mobile operator offers SIM card protection.
Understanding the risks and implementing effective security measures will help minimize the threat of SIM swapping and protect your financial and digital assets from fraudsters.