Over the past year, there has been a dramatic rise is SIM swaps which is the last step that bad actors take to conduct account takeovers (Bank and crypto accounts). What security measures will Apple employ to prevent SIM swaps with this new feature of eSIMs?
Apple can’t do anything to prevent SIM swaps of any kind. “SIM swap” is a misnomer; the physical SIM is not swapped; what happens is a criminal contacts the carrier and gets a new SIM issued with your phone number, which cancels your SIM. To do this they either need to convince the carrier’s agent that they are you, or they need to bribe the carrier agent (more common than you would think, but carrier phone centers are staffed by minimum wage workers, frequently in other countries such as India or Philippines). This can happen with either a physical SIM or an eSIM, as the SIM itself is not required for the switch. And having a SIM PIN doesn’t help either, because the SIM itself, that is locked with a PIN, is not involved in the process. SIM PIN only protects against the physical SIM being stolen.
What you can do is add additional security to your carrier account, typically 2 factor authentication. This is only a partial solution, because with most carriers support reps can override the 2 factor authentication; it isn’t as secure as Apple’s, because Apple support reps cannot override 2FA. (Which can be really frustrating if you can’t receive your code, but does provide better security).
Apple can’t do anything to prevent SIM swaps of any kind. “SIM swap” is a misnomer; the physical SIM is not swapped; what happens is a criminal contacts the carrier and gets a new SIM issued with your phone number, which cancels your SIM. To do this they either need to convince the carrier’s agent that they are you, or they need to bribe the carrier agent (more common than you would think, but carrier phone centers are staffed by minimum wage workers, frequently in other countries such as India or Philippines). This can happen with either a physical SIM or an eSIM, as the SIM itself is not required for the switch. And having a SIM PIN doesn’t help either, because the SIM itself, that is locked with a PIN, is not involved in the process. SIM PIN only protects against the physical SIM being stolen.
What you can do is add additional security to your carrier account, typically 2 factor authentication. This is only a partial solution, because with most carriers support reps can override the 2 factor authentication; it isn’t as secure as Apple’s, because Apple support reps cannot override 2FA. (Which can be really frustrating if you can’t receive your code, but does provide better security).
Please use SIM Pin Lock. That SIM can never be re-used without the SIM Pin. --> Use a SIM PIN for your iPhone or iPad - Apple Support
Thank you for the explanation Lawrence. Very informative
Fraudulent SIM swaps and eSIM
