A website called SimSwap gives fraudsters a scarily powerful tool to intercept text messages, swap SIM cards, turn off phones remotely, and even bypass fraud controls like 3D-Secure.
And it’s all available right online for anyone to buy. It’s no longer just for sophisticated hackers accessing secret dark web marketplaces.
The software exploits flaws in the aging SS7 Network, the signaling system telecom providers use to control how telephone calls are routed and billed. It also enables services like SMS text messaging, voice mail, call forwarding, and mobile phone roaming.
The hacking software, which is sold online, can be purchased for as little as $250 for a one-day trial or up to $8,000 for permanent access to all the bells and whistles.
These tools require a little technical know-how but hey, what hacker out there doesn’t have at least some technical capability?
This software puts an ultimate hacking ability right in the hands of scammers and fraudsters so they can commit account takeover and identity theft while bypassing all fraud controls.
A Hacker’s Delight – SIM Swapping, Bypassing One-Time Passcodes, Spoofing, and Tracking
Criminal-minded hackers love this software. By gaining access to the SS7 Network they can essentially engage in a variety of “Man in the Middle” attacks which give them scary and powerful capabilities.
Imagine one day looking down at your phone and seeing that you have no service. You panic. Someone on the other side of the world has used this software to swap your SIM card to their phone and now they are hacking into your bank account to do some heavy damage.
But that is just one of the things that they can do. There is a whole lot more damage they can inflict with this software.
Here are a few of the crazy things hackers can do when they buy and use this software.
#1 They Can Intercept Text Messages and One Time Passcodes To Take Over Your Accounts
Since SS7 plays a part in sending SMS messages, hackers can use the software to register a victim’s phone number to a new fake switching center.
So when they hack into the victim’s banking account and log in, they can intercept the One Time Passcode and gain full access.
#2 They Can Intercept Calls, Record Them and Invade Your Privacy
As with text messages, hackers can intercept calls meant for the victim’s phone and redirect them to their own VoIP provider or IP-PBX.
#3 – They Can Spoof A Text Message, Enabling More Successful BEC and Gift Card Scams
The software enables hackers to spoof any phone number – including your own – to send text messages to your contacts.
So for example, they could send an urgent message originating from the CEO’s phone number urging you to go out and buy gift cards or wire funds to a third party – a classic BEC scam.
#4 – They Can Track a Mobile Phone’s Location and Find Out Where You Are
According to SOS Intelligence, software like this can also be used to track the approximate location of a victim’s cell phone.
Based on their research, within the SS7 network of a network operator it may be possible to request the LAC (Location Area Code) and Cell ID and with that information get a reasonably good location for a victim.
#5 – They Can Swap SIM Numbers On A Victim’s Phone And Take Over Your Phone Completely
The SimSwap website demonstrates how they can clone a SIM with their software online. The software retrieves all the data a hacker needs to write on the SIM (including KI decoding from the network). Then with their SimSwap software, the hacker can write the SIM card with all data and have a network signal.
Over 84 Domains Are Selling Software Like This Online, Many Are Scammers
SOS Intelligence investigated the availability of these SS7 Exploitation services on the dark web in 2021 and found 84 different services that were offering software like this.
The domains included names like:
- SS7 Exploiter
- SS7 ONLINE Exploiter
- SS7 Hack
- Dark Fox Market
As they dug deeper, it appeared that some of these sites were offering legitimate services, but they also found that very often, the sellers were nothing more than scammers trying to steal money from newbie fraudsters and scammers that didn’t know any better.
An Aging System Which Hackers Are Exploiting To Steal Your Identity And Your Privacy
According to Mary Ann Miller, Vice President at Prove, this software is another example of hackers exploiting the decades-old SS7 Network to steal identities and even invade a person’s privacy.
“The reality of the present day is that our most intimate details, from our financial transactions to our private conversations, can be accessed by low-budget hackers located anywhere in the world without them ever leaving their rooms. This is made possible through weaknesses in the SS7 protocol. So, no longer is it necessary to imagine a world like this, as it already exists. This software puts that capability right into the hands of these bad actors.”
Bug Tracked and Hacked From Anywhere In The World – Your Phone Is A Weapon Of Destruction
The vulnerabilities of SS7 have been known for many years. In 2015, 60 Minutes Australia reported on the aging system’s real-world espionage and hacking risks.
You can watch the enlightening report here.
Investment Is Needed To Protect The Network, And Maybe Regulators Need To Force The Issue
According to fraud fighter Jake Emry, the aging SS7 Network needs a massive investment to close off these gaps that are being exploited.
According to Emry, “SS7 vulnerabilities are proof in point that the telecom industry is not investing at the same scale as the speeds and coverage that faster networks are capable of – and if they don’t change immediately, regulators should force them to make security and privacy a higher priority.”
I don’t know about you, but this new powerful software tool scares the heck out of me.
What do you think? Is this a real risk, or just another way for scammers to steal from scammers?
Update – Simswap.su Was Taken Offline And is Now Unavailable. Several Security Experts Believe The Software Is Just A Scam
About a week after this article, the website SimSwap.su was taken offline. It is no longer accessible. But it appears that the site can still be accessed at SimSwap.ru, for the moment anyway.
I am not sure if this is a temporary or permanent event, but it is interesting it was taken down so quickly after it gained more exposure.
By the way, I have heard from a couple of different security experts who believe SimSwap.su was nothing more than a ripper site designed to steal from other scammers.
One noted that many of the exploitations that this software claimed to be able to perform were completely false and that any gaps in SS7 were plugged years ago and no longer represented a threat.
If you have any additional insights into this matter, please reach out to me. Is this a scam? Or is it a real threat?