Stories
Slash Boxes
Comments

SoylentNews is people

posted by mrpg on Thursday July 19 2018, @01:11AM   Printer-friendly
from the sim-pin dept.

A lot of companies, some quite big and prominent, fool people into thinking that a phone is a second authentication factor. Due to the transferability of the phone number associated with a random SIM card and the ease with which social engineering and even conspirators inside the carrier itself can be used to gain control of that number, it is not and can never be "something you have". That does not stop companies from pretending nor marks from playing along. Motherboard has an article about how the weaknesses around the SIM cards are becoming all the more frequently exploited to perpetrate massive fraud.

First, criminals call a cell phone carrier's tech support number pretending to be their target. They explain to the company's employee that they "lost" their SIM card, requesting their phone number be transferred, or ported, to a new SIM card that the hackers themselves already own. With a bit of social engineering—perhaps by providing the victim's Social Security Number or home address (which is often available from one of the many data breaches that have happened in the last few years)—the criminals convince the employee that they really are who they claim to be, at which point the employee ports the phone number to the new SIM card.

From Motherboard : The SIM Hijackers


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 0) by Anonymous Coward on Thursday July 19 2018, @02:27PM

    by Anonymous Coward on Thursday July 19 2018, @02:27PM (#709410)

    or can we just admit '2 factor' is dead and is only being used to collect yet another data point from people