Hackers clone sim to loot your wallet

By Balamurugan Selvaraj Published on Oct 31, 2017 03:43 PM IST

In this era, it is not possible to assure 100 percent safety during online bank transactions. People have shifted from P-P transaction to online transactions.

This change has boosted the economic and IT industry. But the method used by banks and online vendors to allow such transactions, has worried consumers of cyber attacks.

A few weeks ago, an unknown hacker or hackers stolen Rs 1.3 lakh from a bank account.  The victim, Shashwat Gupta, works in a private firm at Kerala, has raised a complaint on his Facebook page about the money he lost.

As per the report, an unnamed hacker or a group cloned the sim card of Gupta, which is linked to his bank account. After cloning the card, the crook contacted the victim as a telecom professional and urged him to text his Aadhaar number to customer care to avoid further disconnection.

Unaware of the trap, Gupta texted his Aadhaar number. Using an SMS bouncing trick, the hacker looted the Aadhaar number and used it for the tele-verification process to activate the cloned sim-card.

Cloning sim card is a decade old trick, used by investigating professionals to eavesdrop criminals calls and chats. Now, the hacker used this trick and looted the wallet.

Just with a blank programmable SIM card, SIM Firmware reader/writer, MagicSIM programme and USB SIM card reader, which are available in major shopping carts, one can easily clone the sim card in less than an hour- as per a researcher at Hackagon.com.

According to the post, this allows anyone to duplicate sim cards manufactured on the COMP128v1 algorithm using the above-mentioned props.  

As per the online data, sim cards manufactured globally are designed based on COMP128- algorithm. Sim cards manufactured with COMP128v1 are the most vulnerable due to a weak algorithm. The upgradation of algorithms in v2, v3 and v4 devised by reverse engineering found to be less vulnerable than the original version.

To avoid such crimes in future, banks should add some extra authentication systems, rather than OTP. And it is not quite difficult for an hacker to steal OTP by overlaying the user's smartphone, either through vulnerable malware or app.

What about biometric security system's?  

Similar to OTP, there are flaws in biometrics too. Starting from fingerprint, iris and as well as facial authentication, an hacker can manipulate the registry with the developed images of victim - as confirmed by Chaos Computer Club, a hackers forum.

A year ago, master cards tried to built fingerprint authentication pads in ATM cards for authenticating transactions in South Africa. Though it has floored with several criticisms on security, bank officials strongly believe in fingerprints than pins, says reports.

What could be better?

An assistant professor named Wenyao Xu of University of Buffalo, The State University, New York told that the future security depends on heart's shape and motion.

He said, "Each person has a unique heart. If we can get the 3D shape and motion patterns of a person's heart, it is possible to discover new biometrics. OTP and other biometrics are not as secure as heart biometric. Our invention is not visible to the naked eye and it cannot be stolen."

Will it work in India?

However, it's possible, but quite expensive and works rare in India. To ensure better security, apart from banks, every individual should take responsibility in protecting the savings by safeguarding the data including Aadhaar details, personal information. Before sending your data to someone, look on to the reason for sharing the data and credibility of the person on other end.