Your SIM card is far more important than you probably realize. It’s not just the chip that is assigned to your phone number and contains crucial network authorization data. It can store contacts and other small amounts of data, but more importantly, it’s the key to accessing two-factor authentication codes linked to your phone number. Your phone probably has a PIN or password securing it, although that doesn’t stop anyone from removing your SIM card and inserting it into a device they control. It’s called “SIM swapping,” and it could allow bad actors to hijack your most important internet accounts in the event your device is lost or stolen.
There’s one way to combat this security threat, and it’s by locking your SIM card. Most of us think setting up a PIN or password for our devices is enough, but it’s not a good idea to stop there. Instead, the most wise practice is to set up a PIN for your phone and its SIM card. That way, if someone tries to put your SIM card into another device, they must enter the PIN you’ve chosen in order to connect to a network and use your phone number.
Everything you need to know about SIM PINs
They lock your SIM card so that only you can use your number
There are quite a few SIM card features that have been forgotten in the age of modern smartphones and eSIM technology — the SIM PIN is one of them. The way it works is simple: you can set a personal identification number (PIN), which is a four-digit code, that locks your physical SIM card. Every SIM card technically has a default PIN out of the box, but it isn’t used to restrict access. Instead, it’s a standardized PIN set by your carrier required to set up a new SIM PIN. AT&T and Verizon both use 1-1-1-1, while T-Mobile uses 1-2-3-4.
With a custom SIM PIN set, your phone will ask for the PIN each time your phone tries to connect to your carrier’s network. For example, if you lose connection by enabling airplane mode or powering down your device, you’ll need to enter the SIM PIN upon reconnecting. The same goes for if your SIM card is removed from your device and re-inserted, or inserted into another smartphone. This is why a SIM PIN is crucial for protecting against SIM swapping.
Until the SIM PIN is correctly entered, your device won’t connect to the network assigned to the SIM card. You only get three tries to correctly enter a SIM PIN before the SIM card is shut down completely. This effectively rules out bad actors trying to guess or brute force their way through a SIM PIN.
After failing three times, your SIM will stay locked until the correct personal unlocking key (PUK) is entered — this number is found on the original SIM card’s packaging or can be supplied by your carrier. If you fail to enter the PUK code correctly 10 times, the SIM card will be permanently disabled, and you’ll need to get a new one.
Depending on how often you reestablish a cellular connection between your device and your carrier’s network, setting up a SIM PIN could have a minor impact on the way you use your smartphone. If you do switch phones or disconnect from your network a lot, it might be a hassle to reenter the four-digit SIM PIN each time you reconnect. However, it’s really no different than entering the PIN or password used to lock your device itself. The benefits are major, as it prevents someone else from being able to use your SIM card without permission.
While most SIM PINs are four digits, some carriers allow for longer custom SIM PINs. Your PUK will be eight digits.
Can someone really lock your SIM card?
It’s unlikely, but it is possible in two key ways
You should be more worried about someone putting your SIM card in another device to access your text messages or two-factor authentication codes than someone locking your SIM card. However, it is possible. For someone to lock your SIM without your knowledge, they would need physical access to your phone or SIM card.
Anyone can lock a SIM card if it is currently unlocked, they have access to the device, the SIM card is inside, and they know the default carrier PIN for the SIM card. There is no additional verification required to lock a SIM card, and it would be easy for someone who’s not you to do it, provided they get your phone or its SIM card.
That said, hackers and thieves have little to gain by locking your SIM card with a PIN. It would be a major inconvenience to have to find your PUK or contact your carrier to unlock a SIM card that was locked by someone else, but it’s really a non-issue. Instead, the big risk is a bad actor using an unlocked SIM card to receive two-factor authentication codes on your behalf. Critical services, like online banking platforms, still rely on SMS-based 2FA for logins, leaving your cash vulnerable in the event your SIM card is compromised.
By locking your SIM card yourself, you can avoid the very minimal risk of someone locking your SIM card without your knowledge. More importantly, you can avoid the very real threat of SIM swapping.
Related
eSIMs Can Be Hacked, but I Keep Mine Safe With These Tips
A few simple steps a day keep the hackers and cybercriminals away.
Setting up a SIM PIN is great peace of mind
It’s an excellent defense against SIM swapping and more threats
Credit: Brandon Miniman / MakeUseOf
To set up a SIM PIN on an iPhone, you’ll need to navigate through Settings → Cellular → SIM PIN. Then, follow the on-screen prompts to enter your carrier’s default PIN and create a new one. Android users can set up a SIM PIN by navigating through Settings → Connections → SIM Manager → More SIM settings → SIM card security → Lock SIM card. These steps are for One UI, and they might vary depending on your Android OS skin. Alternatively, you can find SIM PIN settings on Android by finding Settings → Security & privacy → More security & privacy → SIM lock.
Like with any digital security measure, setting up a SIM PIN is mostly for peace of mind. The chance that you could fall victim to SIM swapping in the event your phone is lost or stolen is slim, but it’s not completely zero, either. You have to balance daily inconvenience with security best practices when enabling any additional protection, and a SIM PIN is no exception. Yes, you’ll need to enter another PIN every time your phone reestablishes a connection with your cellular network, but you won’t have to worry about SIM swapping or someone locking your SIM card.
