The alarming test shows that US carriers don’t defend SIM-Swap attacks

An alarming Princeton test shows that the five largest US carriers are failing to protect their customers from so-called SIM-swap attacks adequately.

We have been able to persuade the carriers to allocate phone numbers to new SIMs without answering any of the standard security questions successfully. Once a phone number is reassigned to an attacker’s SIM, they can reset passwords even on two-factor authentication (2FA)-protected accounts.

The Princeton study revealed that carriers would allow reassignment even if the attacker had repeatedly given incorrect answers to security questions designed to ensure that they were the legitimate owner of an account.

The method used was ridiculously simple: the caller claimed to have forgotten the answer to the primary security question. Then went on to request that the reason they were unable to answer questions about things like their date and place of birth is that they had to make a mistake when setting up the account.

Apple Provides Free Replacement for Faulty iPhone XS, iPhone XS Max,

Customer service representatives amazingly then allowed them to authenticate simply by identifying the two most recent phone numbers called. As the report concludes, persuading someone to call an unknown number would be pretty straightforward, by merely leaving voicemails or sending text messages. Three providers even sometimes approved incoming calls as authentication, which means an attacker has to do nothing more than a call from a burner phone to the victim’s phone.

Upon completion of the SIM swap, many online services allow someone to reset a forgotten password by sending a reset key or link through SMS. The message would then go to the attacker resetting the password and taking account access.

The report also found poor security problems in use by all carriers. For example, one was the last payment made to the account which could be easily subverted by an attacker.

Oprah quits documentary on sexual harassment for Apple TV Plus and Sundance

;

Related Articles

Adobe updates Illustrator, Photoshop, Fresco, and other Apps to enhance the user experience

Adobe Max 2020 has been introduced to bring "creativity for all." Unlike the previous Max conferences, the coronavirus pandemic has practically forced the event...

LG’s rollable OLED TV goes on sale for $87,000

It is finally beginning to ship out almost two years after LG's rollable OLED TV, the LG Signature Series OLED R, made a stunning...

Samsung Galaxy Fit2 Fitness Tracker, a big challenge for Fitbit Inspire 2

A new fitness tracker, the Samsung Galaxy Fit2, has been unveiled by Samsung with a super-long battery life that directly challenges the recently released...

Latest Articles

Sony A7S III Full-Frame Mirrorless Camera With 4K 120fps Video Recording Launched in India

In India, the Sony Alpha 7S III or A7S III has just been released. It is a full-frame mirrorless camera and the successor to...

Best AirPods deals on Amazon

Some of the most popular headphones on the market are Apple AirPods. They are lightweight and easy to pair with your phones and provide...

Samsung Galaxy Tab A7 With Quad Speakers and 10.4-Inch Display

Samsung Galaxy Tab A7 has been released in India with excellent specifications and a price tag and offered in LTE and Wi-Fi only variants...

The best laptop of 2020, XPS 13 and XPS 13 2-in-1 powered by Tiger Lake processors

Dell has revealed new updates to its 2-in-1 XPS 13 and XPS 13. Both are powered by 11th Generation Tiger Lake processors from Intel...

Microsoft’s Xbox app will allow you to stream Xbox One games on your iPhone

Microsoft is about to release a significant update to the Xbox app for iOS, including the ability to stream Xbox One games in one...

OnePlus Buds app is getting ready to enhance support for all Android phones

OnePlus released OnePlus Buds in July, which is $79 cheaper true wireless earbuds. Although they have a great battery and a low price, if...