An Interest In:
Web News this Week
- March 29, 2024
- March 28, 2024
- March 27, 2024
- March 26, 2024
- March 25, 2024
- March 24, 2024
- March 23, 2024
Some of Our Sources
- Slashdot
- Engadget
- Simplebits
- Smashing Apps
- Abduzeedo
- Fuel Your Creativity
- Web Designer Depot
- My Ink Blog
- Spyre Studios
- Daily Now
Help Webnuz
Referal links:
March 1, 2019 11:30 pm
Original Link: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/TyuGEpLUrVU/comcast-set-mobile-pins-to-0000-helping-attackers-steal-phone-numbers
Comcast Set Mobile Pins To '0000,' Helping Attackers Steal Phone Numbers
An anonymous reader quotes a report from Ars Technica: A bad security decision by Comcast on the company's mobile phone service made it easier for attackers to port victims' cell phone numbers to different carriers. Comcast in 2017 launched Xfinity Mobile, a cellular service that uses the Verizon Wireless network and Comcast Wi-Fi hotspots. Comcast has signed up 1.2 million mobile subscribers but took a shortcut in the system that lets users switch from Comcast to other carriers. To port a phone line from Comcast to another wireless carrier, a customer needs to know his or her Comcast mobile account number. Carriers generally use PINs to verify that a customer seeking to port a number actually owns the number. But Comcast reportedly set the PIN to 0000 for all its customers, and there was apparently no way for customers to change it. That means that an attacker who acquired a victim's Comcast account number could easily port the victim's phone number to another carrier. Comcast told Ars that "less than 30" customers were affected by the problem, that it has implemented a fix, and that the company will eventually roll out a real PIN-based system to further protect customers. But Comcast declined to describe the recent fix in any way, saying that information could help attackers. Comcast also did not say when its new PIN-based system will be ready. Here's what Comcast had to say about the changes it's made and will make: "We have also implemented a solution that provides additional safeguards around our porting process, and we're working aggressively towards a PIN-based solution. We are reaching out to impacted customers to apologize and work with them to address the issue. We take this very seriously, and our fraud detection and prevention methods, policies and procedures are continually being reviewed, tested and refined."Read more of this story at Slashdot.
Original Link: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/TyuGEpLUrVU/comcast-set-mobile-pins-to-0000-helping-attackers-steal-phone-numbers
Share this article:
Tweet
View Full Article
Slashdot
Slashdot was originally created in September of 1997 by Rob "CmdrTaco" Malda. Today it is owned by Geeknet, Inc..More About this Source Visit Slashdot