Virginia Tech and GSMA partners develop new AI-driven approaches to identify large-scale SIM farm abuse and protect mobile ecosystems
Virginia Tech, in collaboration with GSMA Foundry and participating mobile network operators, today announced progress on a new research initiative focused on detecting and mitigating SIM farm-driven fraud and automated abuse across mobile networks.
The project is led by Virginia Tech’s Brain Inspired Computing, Communication, and Security (BRICCS), a research center connecting Virginia Tech’s Bradley Department of Electrical and Computer Engineering, Institute for Advanced Computing, and Pamplin College of Business. The research team is led by Prof. Yaling Yang, in collaboration with Prof. David Simpson, Prof. Yang (Cindy) Yi, Prof. Lingjia Liu. The project addresses the growing global threat posed by SIM farms—large-scale clusters of mobile devices or SIM banks that enable criminals to conduct high-volume spam messaging, account takeover, verification fraud, and large-scale bot operations using legitimate cellular identities.
The initiative is being developed as part of GSMA’s broader innovation efforts to strengthen mobile security, protect consumers, and enable trustworthy digital services at global scale.
SIM Farms: A Growing Threat to Mobile Trust and Digital Identity
SIM farms have emerged as one of the most persistent forms of telecom-enabled cybercrime. By leveraging hundreds or thousands of SIM cards, attackers can generate large volumes of mobile-originated traffic that appears legitimate, making it difficult for traditional fraud filters to distinguish between malicious automation and real customer activity.
The impact extends far beyond nuisance spam. SIM farm infrastructure is increasingly used to support:
- SMS phishing and scam campaigns
- One-time password (OTP) interception and account takeover
- Fraudulent registration of online accounts
- Automated bot operations and social engineering
- Circumvention of identity verification systems
As online services continue to rely on mobile numbers for authentication and identity assurance, the ability to detect SIM farm abuse has become a critical security priority for operators, enterprises, and regulators worldwide.
AI-Driven Detection Through a High-Fidelity Mobile Network Digital Twin
To address this challenge, the project is developing a high-fidelity cellular network digital twin framework capable of modeling realistic radio access network (RAN) behavior, core network signaling, subscriber mobility patterns, and attacker automation strategies.
This simulation-driven approach enables controlled experimentation of SIM farm behaviors under realistic network conditions, allowing researchers and operators to evaluate detection methods at scale without exposing sensitive subscriber data.
Using this platform, the research team is designing AI-driven detection mechanisms that leverage multi-layer network intelligence, including:
- RAN-level KPIs and scheduling patterns
- Signaling-layer behavior anomalies
- Session-level traffic dynamics and automation signatures
- Cross-SIM correlation indicators
The framework enables systematic evaluation of detection accuracy, false positives, and operational impact, helping to ensure that proposed countermeasures are practical for real-world deployment.
Enabling Practical Security Innovation Through Standardized Interfaces
A key focus of the initiative is ensuring that detection capabilities can align with industry deployment pathways, including standardized interfaces and interoperable mechanisms that support ecosystem-wide adoption.
The project will explore how fraud detection intelligence can be integrated into industry frameworks such as network APIs and operator-facing security services, supporting scalable protection across multiple operators and regions.
Supporting Operators and the Broader Digital Economy
SIM farm activity increasingly affects not only telecom networks but also the broader digital ecosystem, including online banking, e-commerce, social media platforms, and cloud services that depend on trusted mobile authentication.
By improving visibility into large-scale automation and fraud behavior, the initiative aims to provide operators with practical tools to:
- reduce fraud-driven network load,
- protect subscribers from spam and scams,
- improve trust in mobile number-based identity,
- and support stronger cross-industry fraud prevention.
Commitment to Continued Innovation
Over the coming months, the project team will expand its evaluation scenarios and refine detection algorithms, incorporating feedback from mobile operators and GSMA ecosystem stakeholders. Planned next steps include enhanced modeling of bot-controlled traffic patterns, advanced SIM farm evasion strategies, and privacy-preserving validation methods.
The initiative will also contribute to broader GSMA security innovation efforts by advancing scalable approaches for identifying emerging telecom-enabled threats.
About the Project
The SIM Farm Detection initiative is a collaborative research effort focused on developing scalable, privacy-preserving detection and mitigation methods for telecom-enabled fraud. It combines cellular network digital twin technology, RAN and signaling KPI analysis, and AI-driven anomaly detection to support operator-relevant solutions. The project is being conducted at Virginia Tech’s BRICCS located in the brand-new Academic Building One in the Washington DC metro area.
For enquiries, please email to foundry@gsma.com.