Preventing SIM Hi-Jacking and Fraud
For many organisations, text messages (SMS) have become the default medium to communicate with customers, often to send highly sensitive data. For example, a one-time passcode (OTP) used to access critical systems and services as part of a multi-factor authentication (MFA) system.
Despite this, SMS remains an ‘insecure’ technology. As IoT takes hold, and with the increase in devices and associated security requirements it brings, this is becoming an increasingly pressing problem. Secure communication with devices is critical and must be addressed.
This is particularly the case because SMS remains an extremely efficient method of communication. The problem arises because it was never designed to be ‘high risk’ content platform and there are several inherent weaknesses in the SMS ecosystem. Inevitably, this is particularly the case where the message content is of high interest to hijackers, who are increasingly trying to identify and exploit the weak links.
Many organisations are now prioritising ramping up security in the network. The 5G standard is encrypting the IMSI and making such hijacking more difficult. However, in the many extant 2G, 3G and 4G networks, the IMSI remains unencrypted and thus a big security risk.