Alarming test shows that US carriers don’t defend against SIM-swap attacks

An alarming Princeton test shows that the five largest US carriers are failing to adequately protect their customers from so-called SIM-swap attacks.

The researchers were able to persuade the carriers to allocate phone numbers to new SIMs without successfully answering any of the standard security questions. Once a phone number is reassigned to an attacker’s SIM, the attacker can reset passwords even on two-factor authentication (2FA)-protected accounts.

The Princeton study revealed that carriers would allow reassignment even if the attacker had repeatedly given incorrect answers to security questions designed to ensure that they were the legitimate owner of an account.

The method used was ridiculously simple: the caller claimed to have forgotten the answer to the primary security question. They then went on to claim that the reason they were unable to answer questions about things like their date and place of birth was that they must have made a mistake when setting up the account.

Amazingly, customer service representatives then allowed them to authenticate simply by identifying the two most recent phone numbers called. As the report concludes, persuading someone to call an unknown number would be pretty straightforward, merely by leaving voicemails or sending text messages. Three providers even sometimes accepted incoming calls as authentication, which means an attacker has to do nothing more than call the victim’s phone from a burner phone.

Once the SIM swap is complete, the attacker can exploit the fact that many online services allow someone to reset a forgotten password by sending a reset key or link through SMS. The message would then go to the attacker, who could reset the password and take over the account.

The report also found poor security checks in use by all carriers. For example, one check was the last payment made to the account, which could be easily subverted by an attacker.
