
Can an eSIM be hacked? Here’s what you need to know

With eSIMs catching on around the world, you’re probably keen to find out how safe they are and if they can be targeted by shady cybercriminals. While eSIMs are definitely safer than the tiny SIMs we’ve been putting in our phones for decades, no technology is completely safe from hacking. Here’s what you need to know about eSIMs and their chances of getting hacked.

Ema Globytė



Can eSIMs be hacked? 

This probably isn’t the answer you hoped for — but yes, eSIMs can be hacked. The truth is, almost anything these days can be hacked — phones, laptops, tablets, and even the smart fridge where you keep your cans of kombucha! While eSIMs are definitely a step up from traditional SIM cards in terms of security, they’re not immune to hacking. 

However, the good news is that you can prevent most eSIM hacking attacks with good cybersecurity habits. We’ll cover them below. 

eSIM hacking: Types of attacks 

Hackers can target eSIMs in many different ways, often involving some form of social engineering. Here’s a quick summary of the attacks eSIM users should be aware of. 

eSIM swapping 

SIM (and eSIM) swapping is when someone tricks your phone company into moving your phone number to a new SIM they can control. The culprits then have your phone number, which can get them into your accounts and lead to all kinds of trouble. 

While the risk of SIM swapping is lower with an eSIM, it can still happen. Hackers often use social engineering to learn about their victims before calling up the network and pretending to be them. 

For example, they may use phishing emails to get the user to provide personal details, account numbers, and even passwords. If the user falls for it, the hackers will have plenty of information with which to contact the network provider, asking them to transfer the eSIM profile to a new device. 

Ultimately, it boils down to the authentication process on the network provider’s end. The more rigorous the authentication process, the harder it will be for hackers to convince the network they’re the actual user.

Malware attacks 

While a malware infection won’t always be linked to eSIM hacking, having malware on your device may make it easier for hackers to access and tamper with your eSIM.

Malware infections can happen in many ways, from opening an infected email attachment to visiting a malware-ridden site. When the malware infects a user’s device, it typically targets the weak spots in the device’s operating system — and may eventually allow the attackers to gain control over your eSIM. 

Firmware security gaps 

Hackers are clever. They know that people are always “in the middle of something,” making them delay their software updates. While eSIM updates are typically carried out remotely by the provider, users are still responsible for installing firmware updates. If they forget to do so or keep putting it off for weeks, an attacker could use unpatched security gaps to hack into the eSIM. 

eSIM security measures 

Although eSIM technology hasn’t been around for that long, security has always been an important aspect of it. Let’s look at the security measures that make eSIMs safe. 

Better physical security 

While traditional SIM cards can be physically removed from your device, an eSIM is embedded in your phone and is impossible to remove. That means no hacker or thief will be able to remove or tamper with it in any way.

Strong encryption 

Some network providers use robust encryption to safeguard data while it travels. Encryption is a sophisticated process that scrambles your data to make it unreadable to hackers and snoopers. While not all providers use this technology, the ones that do massively improve eSIM user security. 

Strong authentication 

eSIM providers typically use advanced authentication methods to verify that the user is who they claim to be. These authentication methods may include passphrases, security tokens, or biometric data (like your face ID). So if a hacker tried to activate your eSIM on a new device, the provider would (hopefully) catch this in the authentication process. 

Secure over-the-air (OTA) updates 

Your eSIM is managed remotely by your carrier, meaning you get updates for it securely over the air (OTA). The provider will update your eSIM and patch up security gaps without you having to do anything. And that’s great because, let’s face it, most people only install updates when they can no longer ignore the annoying pop-ups. 

What can a hacker do with your eSIM? 

Hacking into an eSIM is a tough job — so why would a hacker go through all the trouble? Well, taking control of your eSIM may unlock doors to several accounts at once, giving hackers better chances of succeeding. Here’s what someone may be able to do with a hacked eSIM. 

  • Access your authentication codes. Two-factor authentication (2FA) is meant to protect your accounts from hackers, so the thought of them using it against you may send shivers down your spine. But if a hacker has managed to hack into your eSIM, they may be able to access your one-time codes and unlock your accounts (such as banking, social media, and email). 

  • Get your texts. Someone hacking into your eSIM is a huge privacy risk because they may be able to receive texts, photos, and videos meant for your phone number. You may think: “Who sends text messages these days? It’s all about instant messaging!” Well, because instant messaging is also tied to your phone number, your IM apps would be accessible, too.

  • Steal your identity. Unfortunately, having your eSIM hacked may also put other people at risk. Armed with your phone number and “identity,” hackers could reach out to your contacts asking for money. Of course, faking someone’s voice is tricky, so they’ll most likely try to communicate via messages, which some people may not fall for. That said, with phone calls in decline, it’s highly possible that someone would ask for bank transfers over instant messaging, making it easier for hackers to fool people. 

Can an eSIM be tracked?

Yes, an eSIM can be tracked, just like an old-school SIM card. The main parties you need to know about are your network provider and cybercriminals. 

  • eSIM tracking by a network provider. As long as you’re connected to a carrier, it can track your eSIM for legitimate purposes (like providing services). It can also be helpful in situations where your eSIM-compatible phone has been stolen, but the built-in GPS or location services have already been disabled. The network may use triangulation — a special method that gets information from nearby cell towers — to help find out the approximate location of your device. 

  • eSIM tracking by cybercriminals. The bad news is that if a network can track your eSIM, so can hackers. Tracking an eSIM for illegitimate purposes is not easy, so the hackers would need to be experts at compromising devices and finding network vulnerabilities. In fact, your mobile devices can be tracked by hackers in various ways, not just through eSIMs. For example, hackers may use GPS, Wi-Fi positioning, and even cellular data to track your device. This topic requires a separate blog post — but taking the right steps to defend yourself against tracking is crucial.

Signs that your eSIM may be hacked 

How do you know if your eSIM has been hacked? Sometimes, it can be hard to tell because the signs are so easy to miss. However, it’s worth knowing what to watch out for. 

  • Security alerts from the carrier. If you receive an alert about account changes you didn’t request, someone may have hacked into your eSIM. It’s wise to contact your carrier directly to ask for more info. 

  • A text asking you to restart your device. If you’ve received a restart request from your network carrier or another source, get in touch with your eSIM provider. It may be that someone’s got hold of your eSIM. 

  • Unusual charges on your bill. If the hackers managed to hack into your eSIM and are helping themselves to your texts and minutes, you’re likely to see some unusual charges on your bill. 

  • Suddenly losing service. If you’ve suddenly stopped receiving texts and calls, something may be off. The lack of service may indicate someone else has control of your phone number. 

  • Your phone appears somewhere else. Got one of those “Find my phone” apps? Check your phone’s location using another device. If your phone appears to be somewhere else, get in touch with your eSIM provider.

  • Getting locked out of your accounts. If you suddenly can’t log in to the accounts you were able to access without problems before, it’s possible that the hackers have managed to gain access and have changed your passwords. While this sign is not exclusive to eSIM hacking, it should definitely ring alarm bells.

What should you do if your eSIM is hacked?

If you’re noticing these signs and suspect your eSIM may be hacked, it’s important to take action fast. Here’s what you should do right away. 

  1. Contact your eSIM provider. Let them know that you suspect someone’s hacked into your eSIM. They’ll be able to look into the situation and advise you on the next steps. 

  2. Change your passwords and PINs. Update your passwords on your network provider’s account, mobile devices, and other linked accounts. Create long and complex combinations — they are much harder to guess. 

  3. Activate multi-factor authentication (MFA). The next step is to make it even harder for hackers to get into your accounts. Turn on MFA — but be careful not to use your phone number in case hackers have access to your calls or texts. Instead, use a security question or biometrics like facial recognition. 

  4. Keep a close eye on your account. Watch out for suspicious activities like strange calls, texts, or unauthorized changes to your settings or phone plan. If you spot anything after having informed your network provider, it’s best to contact them again.   

How to protect yourself from eSIM hacking

Keeping yourself safe from eSIM hacking comes down to good cybersecurity habits. If you’re generally careful and skeptical online, then hackers will have a hard time hacking into your eSIM. Let’s look at the cybersecurity measures that’ll help you keep your eSIM and accounts safe. 

Keep your software up to date 

The good thing is that the devices you use have a lot of security features and robust ways to defend against cyberattacks. The teams behind each device, operating system, and app are always working to address outstanding security gaps — so when an update is available, take it. Install it on your device right away so that you’re protected. 

Know what phishing looks like 

Phishing is one of the most common ways for cybercriminals to steal personal information. Don’t let hackers fool you — always be cautious. If you receive an email asking you to click on a link, open an attachment, or provide personal information, give yourself some time to think. 

Does it tick all the boxes of a legitimate email — or does something feel off? Keep in mind that companies will never ask you for sensitive information over email or by phone, so if you receive a request like that (especially if it sounds urgent), look into it before you do anything.

Sometimes, you may get phishing calls or text messages. Unexpected calls from your phone provider, bank, or another organization are highly unlikely, so if you get a call like that, don’t give out any details. 

Use strong authentication 

Multi-factor authentication (MFA) is great for making your accounts more secure. If someone tries to log in to your account with your stolen credentials, they’ll be asked to confirm their identity with a second authentication step (for example, a one-time password, email verification, or face ID). 

However, if cybercriminals have managed to break into your eSIM, they may be able to complete SMS verification on your behalf. That’s why it’s a good idea to set up an MFA method that doesn’t rely on text messages or calls, like using an authentication app. 

Create strong passwords 

Long and complex passwords with a good mix of lowercase and uppercase letters and symbols are the way to go. Strong passwords make it much harder to break into your accounts and are the number one rule when it comes to online security. 

Keep your passwords unique — don’t reuse the same password for different accounts. It’s bad enough to find out that a hacker’s broken into one of your accounts, but it’s even worse if all your accounts are then accessible with the same login details! 

Regularly back up data 

If your phone or eSIM is hacked, you may be at risk of losing the data stored on your device. It could be your photos, videos, notes, or contacts. These days, we keep so much information on our phones that surviving without it may seem nearly impossible. Keep your information backed up, and you’ll always have a plan B should something go missing because of a hack.

Ema Globytė

Ema’s an avid globetrotter who loves discovering new destinations and immersing herself in local cultures. When she’s not browsing flight-finder apps, she’s writing about all things travel, eSIM, and staying connected abroad.