Preface: A SIM box (or SIM bank) is a hardware device that houses multiple SIM cards simultaneously to facilitate VoIP-to-GSM call termination. It reroutes international VoIP calls to appear as local calls by using local prepaid SIM cards, allowing operators to bypass high international tariffs and exploit low local call rates. It is primarily used for, but not limited to, fraudulent bypass.
Background: Why SIM-Farm-as-a-Service (SFaaS) is a Major Security Concern
Industrial-Scale Fraud: It enables the mass creation of fake accounts for social media, messaging apps, and banking by bypassing SMS-based one-time password (OTP) verification.
Evading Detection: By using local SIM cards, scammers can disguise international phishing attempts as local calls or texts, making them harder for users and automated systems to detect.
Critical Infrastructure Risk: Massive setups, like the one dismantled by the US Secret Service in late 2025, have the capacity to overload cellular networks, potentially jamming emergency services.
Legal Gray Areas: While the hardware itself is often legal for testing purposes, its application in SFaaS models has prompted governments, notably the UK government, to pursue bans on the “possession and supply” of SIM farm equipment.
Security focus: The recent spotlight on SIM-Farm-as-a-Service in April 2026 stems from a major investigation by the cybersecurity firm Infrawatch. Please refer to the link for referene.