Tuesday, August 11, 15:26
Home security Popular US telecommunications companies vulnerable to SIM swapping attacks

Popular US telecommunications companies vulnerable to SIM swapping attacks

SIM swappingResearchers at Princeton University have published a report which states that five major US telecommunications companies are vulnerable to SIM swapping attacks.

During SIM swapping attacks, attackers call one company telecommunications, deceiving staff and persuading her to change the victim's number so that she can connect to a SIM card controlled by the attackers themselves.

This allows you to reset passwords access and gaining personal access accounts of the victim (email, inbox, e-banking portals, cryptocurrency systems etc).

Princeton researchers conducted the research them for a year. During this time, five major US telecommunications companies were examined. In particular, they wanted to see if they could deceive call center employees and make them change one user's phone number to another without giving them the correct data and credentials.

According to research, popular companies AT&T, T-Mobile, Tracfone, US Mobile and Verizon Wireless use procedures that attackers could use to perform SIM swapping attacks.

The researchers also examined 140 online services and websites, to see which of these malware could be exploited hackers to violate user accounts. 17 of the 140 websites were actually vulnerable to this type of attack.

Research

For their research, the researchers worked with the five telecommunications companies (supposedly customers) and tried to use SIM cards (10 from each company) and make calls in order to create a realistic call history.

Later, researchers called in the company's customer service centers and asked for a SIM card change, deliberately providing incorrect PIN and account holder information.

According to the procedures provided by companies, if someone does not provide the above information (PIN and account holder details) correctly, they will have to provide details about last two calls he made.

The research team says an attacker could deceive one victim and make it call certain numbers before making the SIM swapping attack in order to get the details of the latest calls. For example, he might say to the victim: “You won a prize, call here. Sorry, wrong number, call here ”. This is how it has the data for the last two calls (if the victim falls into the trap).

Princeton researchers said that used this trick and managed to deceive all five US companies.

In the end, the researchers informed the companies about the issues security, but until a few days before the report was published, four of the five providers were still using the same procedures. Only T-Mobile changed tactics after the investigation.

Services and websites

As for online services and websites (social media networks, e-mail providers, websites, cryptocurrency sites, and more), researchers looked at the authentication procedures they used.

Once the investigators had carried out the SIM swapping attack and had under him control their victim number, they could access victims' accounts at 17 of these sites.

The account recovery process for these sites was solely based on verification through SMS. Once the investigators (or attackers) check the victim's number, they also check the SMS. So they can access other accounts.

More details are provided in the work entitled: "An Empirical Study of Wireless Carrier Authentication for SIM Swaps"

LEAVE ANSWER

Please enter your comment!
Please enter your name here

Absent Mia
Absent Miahttps://www.secnews.gr
Being your self, in a world that constantly tries to change you, is your greatest achievement

LIVE NEWS

Do you want a Chromebook? Choose among the 4 best!

A good Chromebook is not much different from regular laptops, while the best of them may be nicer than ...

UniConverter: Convert videos to 1000 formats 30 times faster!

If you are a video content creator, you will definitely need to convert a video to various formats many times, without compromising ...

How to persuade older people to use technology?

Technology can often seem daunting and difficult to older people who are unfamiliar with ...

How to stream 4K Ultra HD content to Netflix?

During the quarantine, Netflix has been a great help to people spending boring hours at home. The service has ...

iPhone: Add and remove Widgets from the Home screen

Apple brought the widgets to the Home screen of the iPhone with iOS 14. This is an advanced form of widgets from ...

The best security cameras to protect your home!

If you are afraid of intruders in your home, these security cameras can stream live video directly to your phone.

Do hackers carry out their attacks in real time?

More generally, there is a perception that hackers are suddenly infiltrating systems and devices and carrying out attacks. However, the reality is different. The...

Facebook: How to hide old posts

Facebook has introduced a new tool called "Activity Management" that will allow you to delete old posts, helping you to improve ...

How to download and install the Play Store on laptops and PCs?

Nowadays, many people rely on their smartphones, as they can be used easily and quickly for ...

Portable air conditioner: It is worn on the back and as a jewel 😛

Portable air conditioner - Worn on the back and like jewelry: 40 degrees and we have melted. Those of you who are lucky on the beach, please stop ...