eSIM vs Physical SIM: Which is more secure, and how scammers are attacking the weakest link

eSIM vs Physical SIM: Earlier this month, a complaint lodged on the Chakshu portal exposed a secret cyber scam going on in the Mancherial district of Telangana.

eSIM vs Physical SIM: Earlier this month, a complaint lodged on the Chakshu portal exposed a secret cyber scam going on in Mancherial district of Telangana. The complainant was receiving unknown calls posing as government officials and threatening him. Instead of ignoring these calls, he reported them and this is where the investigation started.

A joint team of Telangana Cyber Security Bureau, Department of Telecommunications and Ramagundam police investigated and arrested four accused within a few days. More than 230 illegally acquired SIM cards and five SIM box devices were recovered from them which are used to disguise international calls as local calls making it difficult to catch the scammers.

What is a SIM card?

The Subscriber Identity Module (SIM) card is the identity of your phone, a small chip that tells the mobile network who you are. It contains your unique subscriber ID, security details and network data that makes calls, messages and internet access possible.

What is eSIM and how does it work?

eSIM i.e. embedded SIM is the digital form of the traditional SIM card that is already inbuilt in your phone or smartwatch. There is no need to insert or remove any physical card. Changing to a new network or plan is also done in just a few clicks. This is very convenient for travelers as there is no need to buy a new SIM to add an international plan.

According to cyber security researcher Arya Tyagi, eSIM is currently available in limited devices and is mostly limited to iPhones. At the same time, the advantage of a physical SIM is that in an emergency, it can be immediately inserted into another phone and the network can be accessed, which is not possible in eSIM at present.

Risks of fraud in physical SIM

According to experts, physical SIM can be stolen, lost or cloned. Attacks like SIM swap fraud are based on this where the identity of the user is stolen through social engineering at the call center, which can lead to financial fraud.

On the other hand, eSIM is embedded in secure hardware and is protected by cryptographic protocols. Multi-factor authentication is required for profile change or activation, which makes misuse difficult. However, the threat remains if there is a flaw in the identity verification process of telecom companies.

eSIM has its own risks

According to cyber security expert Shubham Singh, it is not possible to physically remove eSIM, which reduces the chances of tampering. But it is completely dependent on software and cloud. If your email or carrier account is hacked, hackers can make changes to your eSIM profile remotely. This is why strong passwords and two-factor authentication are very important.

Benefits and precautions of eSIM in terms of privacy

eSIM can reduce the risk of theft, but it also means that your carrier and device manufacturer will have more access to your data. So check privacy settings and use device passcodes, biometric locks and remote lock tools like ‘Find My iPhone’.

Which is more secure?

Physical SIMs work on every device and allow quick replacement but are more vulnerable to theft and fraud. eSIM is considered to be the future form of secure mobile identity when combined with strong telecom authentication. However, its security is completely dependent on the security of digital accounts. Experts believe that in the coming time eSIM will completely replace the physical SIM but with this new frontiers of cyber security will also emerge.