Archive — SMS

New sim swap hacks highlight carriers’ wobbly securityMartha DegrasseLight Reading

Diagram demonstrating how the attack works

Researchers at Princeton University called three of the four major [US] carriers and tried to convince customer service representatives to move phone numbers to new sim cards. Verizon, AT&T and T-Mobile each received ten calls from the researchers, who posed as customers.

Astoundingly, in all 30 cases the fake customers successfully convinced the carriers to move the numbers to new sim cards.

This matters because so many other services (such as banking systems) rely on SMS for authentication. If you only need to convince one customer service representative to swap a phone number, you could potentially have access to… almost anything.

1 comment