Sim Swap

    • After a customer database with almost 300,000 customer data was hacked at Ledger and then put into the public domain after a few months, the topic of mobile telephony sim swap has once again become topical. As a Swisscom Mobile customer, I wonder whether Sim Swap could be a threat to me if the hackers, for example. have my name, address, mobile number? I don’t actually see any danger for the old Sim, as a new Sim will be sent home. But what about eSim? Will I definitely get a QR code in the mail? or can/may support do this remotely/online?

    Show original language (German)
    • Walter_Wp likes that.

    • Hello @Yed

      Sorry you had to wait so long for an answer.

      Security is of course a big issue at Swisscom. And this is no different in the area of ​​eSIM and the danger of SIM swap. We constantly check possible gaps and threats.

      We can assure our customers that eSIMs are completely safe from cyberattacks. Through the eSIM and SIM certification (SAS certification), the GSMA Association (global industry association of mobile phone providers) ensures that all eSIMs and eSIM servers on the market have the highest possible security standard. There are currently no known security gaps for eSIMs.

      Basically it can be said that an eSIM is no more vulnerable than a physical SIM card. The biggest risk with all SIM cards can often be found in the processes (SIM exchange, SIM card is left behind, old device is passed on with an active SIM card, …). Since an eSIM cannot simply be removed from the device like a “normal” SIM card when the device is unattended, an eSIM is even safer in terms of SIM theft. The QR code as a key to the personal eSIM is only accessible to the customer via My Swisscom, the logged in and secure Kundencenter.

      Greetings Samuel

    17 days later

    Hello @Yed

    Sorry you had to wait so long for an answer.

    Security is of course a big issue at Swisscom. And this is no different in the area of ​​eSIM and the danger of SIM swap. We constantly check possible gaps and threats.

    We can assure our customers that eSIMs are completely safe from cyberattacks. Through the eSIM and SIM certification (SAS certification), the GSMA Association (global industry association of mobile phone providers) ensures that all eSIMs and eSIM servers on the market have the highest possible security standard. There are currently no known security gaps for eSIMs.

    Basically it can be said that an eSIM is no more vulnerable than a physical SIM card. The biggest risk with all SIM cards can often be found in the processes (SIM exchange, SIM card is left behind, old device is passed on with an active SIM card, …). Since an eSIM cannot simply be removed from the device like a “normal” SIM card when the device is unattended, an eSIM is even safer in terms of SIM theft. The QR code as a key to the personal eSIM is only accessible to the customer via My Swisscom, the logged in and secure Kundencenter.

    Greetings Samuel

    Show original language (German)
    a year later

    Social engineering is practically ALWAYS involved in SIM swaps. Someone calls the call center and can very credibly say that they are the authorized person, but due to a chain of circumstances they no longer have access and now everything has to be reset. This also works with fake IDs in the shop.

    I would bet that Swisscom is not immune to social hacking.

    Show original language (German)

    More relevant would probably be:

    1. Does or did Swisscom have business relationships with Ledger?
    2. If yes: Was Swisscom customer data among those published?
    3. Where can you find an overview of when third parties have not adequately protected data provided by Swisscom?
    4. Is there a process to report certain “security features” as no longer safe (burnt) once they have been published somewhere?
    Show original language (German)