eSim Cards Safety: Security & Hackings Risks

Activating an eSIM card

11 October 2024

technology

Joseph Philipson

Are eSim Cards Safe?

For anyone traveling, eSIM cards, a virtual SIM for more modern phones, offer a convenient and flexible solution.

With an eSIM, you can switch mobile networks (including networks specifically for roaming) without having to insert or remove a physical SIM card. While this is certainly an advantage, there are some questions about the safety and security of eSIM cards.

Are they safe enough for everyday use while traveling? What are the alternatives?

Big hexagon icon Hexagon icon Medium hexagon icon
Outline hexagon icon Outline hexagon icon Outline hexagon icon Image of a pocket
Hexagon icon

from

3.95€

per day

From

€

For days in with data plan

What Is an eSIM?

While the prefix “e” in e-commerce, e-book, and e-mail stands for electronic, the “e” in eSIM stands for embedded.

This is because an eSIM is integrated into a phone and isn’t removable like the physical SIM card you may be used to.

With an eSIM, you can switch mobile carriers, activate new plans, and set up roaming services without having to replace anything. eSIM solutions are becoming increasingly popular with modern smartphones, allowing them to use multiple mobile plans on a single device.

The main difference between an eSIM and a physical SIM is that the latter can be physically removed from your device while the eSIM is embedded.

SIM cards are also tied to a specific carrier. If you want to change your mobile carrier, you must change your SIM card.

While you can uninstall eSIMs when you’re done with a particular carrier, you can’t lose an eSIM unless you lose the entire smartphone.

eSIM Cards Security Features

Understandably, eSIM cards were designed with several advanced security features to ensure the safety of user data.

With an eSIM, you can activate and configure it over the air (OTA) through a process known as remote provisioning. Users typically download the mobile plan or profile from the mobile carrier by either scanning a QR code or using an app.

This process is typically very secure as it uses cryptographic protocols to ensure that only the user and the mobile carrier can activate or manage eSIM profiles.

An eSIM will also use other security elements and hardware security, like encryption keys and authentication credentials, to minimize the risk of unauthorized access. As with any system like this, there are always risks like unauthorized access and socially engineered attacks, which trick users into willingly handing over sensitive data and permissions without realizing it.

eSIM Cards Security Risks

As with any solutions available to travelers, be it eSIM cards, travel SIMs, or pocket WiFi, you should also consider the feasibility and security risks.

Here’s how an eSIM card stacks up in terms of security against your other roaming options.

Can an eSIM Card Be Hacked?

We mentioned above the advanced security technology used in eSIM cards, such as encryption and hardware security. However, an eSIM isn’t hack-proof.

While it’s unlikely that hackers will directly target an eSIM, the real risk is from social engineering attacks. These are when hackers obtain necessary credentials and personal information. They don’t steal this data, though. Instead, they trick the victim into freely handing over the information.

With an eSIM card, you’re also at risk of malware and phishing attacks. As with any electronic device, you should also consider following the best practices.

  • Use strong passwords
  • Avoid suspicious links
  • Keep your device updated
  • Use security software for your device

Common scams and hacks involve people masquerading as mobile network carriers and tricking users into revealing sensitive information like their PIN or eSIM activation code. According to the Verizon Data Breach Investigations Report, “The human element still makes up the overwhelming majority of incidents and is a factor in 74% of total breaches.”

Hackers can do this by contacting you via e-mail, phone, or text message and asking for these credentials.

If you provide them with any of this information, they’re free to access accounts. This allows them to manipulate your carrier into activating your eSIM on their device, and take over your phone number.

Once they’re actively using your phone number, they can start accessing accounts with two-factor authentication, such as banking apps or your e-mail, and things can quickly escalate from there.

Your eSIM card could help hackers get their foot in the door to all your accounts.

Phishing attacks are also a common way to hack an eSIM card. In this case, you’ll receive an e-mail or text message from the hackers with a link to “verify” or “confirm” something. When you click on the link, you’ll likely be taken to a fake website that looks like your mobile carrier’s. Once you put in your credentials as you would on the real website, the hackers will have the information they need.

Over 60% of digital fraud occurs on mobile devices, so you should always be vigilant when using your phone.

iPhone eSIM

Can an eSIM Card Be Cloned?

A particular security issue with physical SIM cards is that they can be cloned. An eSIM card is harder to clone than a physical SIM since hackers need access to it.

Again, the encryption involved with an eSIM card makes cloning one remotely much more difficult or nearly impossible.

The risk is always there. If you choose an eSIM solution for roaming, we advise that you follow the above best security practices.

Can an eSIM Card Be Swapped?

SIM swapping is an attack in which hackers impersonate the user. It tricks the mobile carrier into transferring the eSIM to another device they possess. According to Efani, “SIM switch assaults have increased by an astounding 400% just in the last year.”

This allows hackers to intercept calls and messages and access accounts otherwise protected by two-factor authentication. Multi-factor authentication (MFA) is recommended to mitigate the risk of unauthorized eSIM swaps. Even with access to your eSIM profile, hackers would need to bypass an additional layer of security.

Microsoft suggests that MFA can block over 99.9% of account compromise attacks, making it a no-brainer as a device security option.

Samsung smartphone eSIM

What If My Phone Gets Stolen?

Since an eSIM card can’t be removed from a phone, it’s much safer if your phone is lost or stolen. However, once a thief has your phone, they may be able to access accounts and information through your eSIM.

You might think that theft is less likely now that seemingly everybody owns a smartphone. However, in New York City, for example, “40% of robberies are phone thefts“.

To optimally protect your device in this situation, it’s highly recommended that you include security features like remote wipe, device encryption, and strong passcodes on your device.

While an eSIM has the advantage of being physically secure within the phone, thieves can still access your device.

If your phone is stolen or lost, it’s recommended that you act as quickly as possible. By this point, you’re in a race with the thief to render your phone secure and unusable before they reset it.

If your phone has options to remotely track, lock, or erase the device, you’re in luck. You can use these to reduce the risk of data theft.

You can use Find My iPhone on your iPhone to track, lock, or erase data. Android devices also have the Find My Device option. Make sure these are set up.

You can also contact your eSIM carrier to suspend or transfer the eSIM to a new device. For added security, be sure to change your account passwords, monitor for suspicious activity, and report the loss or theft to the appropriate authorities.

Are eSIM Cards Safer than Physical SIM Cards?

Generally, an eSIM card is considered safer than a physical SIM card. After all, the physical security an eSIM solution offers can’t be matched by a SIM card.

Physical SIM card replacement

A SIM card can be easily removed or swapped and cloned or stolen. An eSIM card needs to be stolen along with the phone it’s embedded in.

However, eSIM cards, like physical SIMs, have the abovementioned risks, including hacking, phishing, and SIM swapping attacks.

The security differences between eSIM cards and physical SIM cards lie mainly in the embedded nature of an eSIM. However, there’s one particular solution that offers security, is easy to setup, and comes with numerous other benefits. It’s especially useful for travelers wanting fast and reliable internet connections.

We’re talking about pocket WiFi, of course.

FeatureeSIMPhysical SIM
RemovabilityEmbedded, cannot be easily removedCan be removed or swapped easily
Cloning RiskDifficult due to encryptionEasier to clone if physically accessed
SIM Swapping RiskPossible with social engineering attacksSimilar risk through social engineering
Physical TheftSafer, requires phone theftSIM can be removed and used in another device
Hacking RiskVulnerable to phishing and social attacksAlso vulnerable to phishing and social attacks
Device CompatibilityLimited to eSIM-capable devicesUniversally supported across all devices
eSIM cards and physical SIM cards compared

Why Is Pocket WiFi a Better Choice than an eSIM?

So why should travelers opt for pocket WiFi solutions over eSIMs, especially when they already have eSIMs embedded in their smartphones?

For one, pocket WiFi offers connections to multiple devices at once. Smartphones, tablets, laptops, and computers can connect to the internet through them, regardless of how many members of the group have eSIM-compatible smartphones.

Pocket WiFi also offers more consistent roaming speeds, particularly in rural areas with spotty coverage. After all, a pocket WiFi device tends to feature a better antenna than those used in your everyday smartphone, allowing the device to maintain a better connection than a smartphone using its own data connection.

Pocket WiFi offers a private network for just you and the other members of your group. You can choose who connects to the device. An eSIM, on the other hand, uses a potentially vulnerable public mobile network.

Pocket WiFi is also a separate device. If your phone is stolen or lost, nobody will automatically gain access to your pocket WiFI network. If you lose your pocket WiFi router, your phone and all your private data stored on it can remain safe.