Your Web News in One Place

Help Webnuz

Referal links:

Sign up for GreenGeeks web hosting
January 16, 2020 07:34 pm PST

Carriers ignore studies that show they suck at preventing SIM-swap attacks

Now that many online services rely on sending SMSes to your phone to authenticate your identify, thieves and stalkers have created a whole "SIM swap" industry where they defraud your phone company or bribe employees to help them steal your phone account so they can break into all your other accounts.

In the years since SIM swap attacks were first publicized, carriers have faced litigation and congressional scrutiny for the role their lax security played in the attacks. They have added a suite of security measures that are supposed to staunch the bleeding, but as a recent study found, these measures present no real impediment to identity thieves -- and after the study was completed, the carriers largely ignored it and its recommendations.

The study -- conducted by Princeton's Center for Information Technology Policy (previously) details how researchers were able to bypass carrier security measures such as requiring people to give date of birth and billing ZIP codes by stating that they had been careless during the signup period and couldn't recall what answers they'd given previously. What's more, the researchers found it simple to bypass the carriers' requirement that the subscriber dial two phone numbers to confirm the swap -- they just sent fraudulent texts to the real customers telling them they'd won a prize and asking them to dial a certain number to collect it, then followed up by saying they had sent the wrong number originally and asking the victim to dial the second number instead. Read the rest


Original Link: http://feeds.boingboing.net/~r/boingboing/iBag/~3/RA0FikIRCcs/prepaid-crime.html

Share this article:    Share on Facebook
View Full Article