The CAMARA project has unveiled the SIM Swap API, an innovative tool designed for developers and capability consumers. This API is engineered to perform real-time evaluations on the activation date of a SIM card within a mobile network. It determines if a specific mobile phone number (MSISDN) has been transitioned to a different SIM card. The primary objective of the SIM Swap API is to fortify defenses against fraudulent activities, especially in enhancing SIM-based authentication methods such as SMS One-time passwords. Given the increasing tactics of fraudsters using Simswap techniques to intercept SMS messages and reset passwords, this API stands as a vital protective measure.
CodeB's Identity Broker's Distinctive Mechanism:
While the CAMARA project's SIM Swap API offers a direct approach to inspect SIM card data, CodeB's Identity Broker integrates a unique methodology. The Identity Broker does not directly access SIM Card data. Instead, it zeroes in on detecting any alterations in the cryptographic keys used by mobile identities. As CodeB secures these cryptographic keys within the protected hardware key storage of mobile devices, any key change becomes a significant indicator. A change in cryptographic keys strongly suggests that the original SIM is no longer active in its initial mobile device, highlighting a potential risk with that identity. This intricate method of associating mobiles, MSISDNs, and cryptographic keys is further amplified by the OTP API, as detailed in CodeB's post on enhanced security with OTP integration.
The SIM Swap API introduces two primary endpoints:
1. Retrieve Last SIM Swap Date:
Endpoint: `POST /sim-swap/v0/retrieve-date`
Description: By providing an MSISDN, this endpoint returns the most recent SIM swap date.
2. Check for Recent SIM Swap:
Endpoint: `POST /sim-swap/v0/check`
Description: By providing an MSISDN and a maximum age, this endpoint returns a boolean indicating if the MSISDN has undergone a 'swap' to another SIM within the specified max age period.