SIM Swapping Attacks
The cluster discusses SIM swapping vulnerabilities, how attackers exploit mobile carriers to hijack phone numbers, related security measures like SIM PINs and IMEI tracking, and provider protections such as those from Google Fi and T-Mobile.
Activity Over Time
Top Contributors
Keywords
Sample Comments
Not only sim swaps, but also phone unlock codes IIRC.
While what you described is theoretically possible, I've never seen any mobile provider implement it. The reason is fairly simple: if you cared about the security of your sim, you'd set a sim pin. If you don't, you don't set a pin. Requiring reauthentication every time your IMEI is going to cause a massive increase in support calls for very little security gain.
Wonder how they manage SIM distribution / authentication?
Only if you somehow acquired a SIM card which doesn't 'belong' to anyone.
It's worse than this though. My colleague had his sim replaced by an attacker in October of last year even though his account had a note on it specifically to prevent this without the account holder being present and showing photo id. Not only can the customer service rep at your carriers store do this but so can the phone reps at all the other stores that sell phones for your carrier such as best buy. The bottom line is that SMS/phone numbers shouldn't be an identifying factor fo
Can anyone explain why SIM swapping works? Do telecom companies in US allow you to buy a new SIM without a government issued ID?
Wouldn't it be trivial for the company to track where the SIM is being used to find out who's done this?
They can just take your number anyway if you ever insert a SIM, since they control "your" phone.
This is mobile operator problem, not Twitter. How on earth the mobile operator can hand a SIM card to someone else?!
Pixel phones are now preventing sim swapping, IIRC, and maybe a few others.