New sim swap hacks highlight carriers’ wobbly security — — Light Reading ↗

Researchers at Princeton University called three of the four major [US] carriers and tried to convince customer service representatives to move phone numbers to new sim cards. Verizon, AT&T and T-Mobile each received ten calls from the researchers, who posed as customers.
Astoundingly, in all 30 cases the fake customers successfully convinced the carriers to move the numbers to new sim cards.
This matters because so many other services (such as banking systems) rely on SMS for authentication. If you only need to convince one customer service representative to swap a phone number, you could potentially have access to… almost anything.
I lead teams and organisations to make human-centred decisions. I am a lead content designer and information architect at the Scottish Government.
Email — contact@duncanstephen.net
This doesn’t surprise me. The online method of phone-number swapping doesn’t generally need much in the way of security (one password, that’s generally sent to the SIM in question). I don’t think phone companies consider phone number/SIM comboss to be the security measure they’re often used for. This is the fault of the app creators, because phone number/SIM combo, to my knowledge, wasn’t meant to be a security measure either.