Academic research finds five US telcos vulnerable to SIM swapping attacks

SIM card swapping
Image: Brett Jordan

A Princeton University academic study published yesterday found that five major US prepaid wireless carriers are vulnerable to SIM swapping attacks.

A SIM swap is when an attacker calls a mobile provider and tricks the telco’s staff into changing a victim’s phone number to an attacker-controlled SIM card.

This allows the attacker to reset passwords and gain access to sensitive online accounts, like email inboxes, e-banking portals, or cryptocurrency trading systems.

All last year, Princeton academics spent their time testing five major US telco providers to see if they could trick call center employees into changing a user’s phone number to another SIM without providing proper credentials.

According to the research team, AT&T, T-Mobile, Tracfone, US Mobile, and Verizon Wireless were found to be using vulnerable procedures with their customer support centers, procedures that attackers could use to conduct SIM swapping attacks.

In addition, the research team also looked at 140 online services and websites and analyzed on which of these attackers could employ a SIM swap to hijack a user’s account. According to the research team, 17 of the 140 websites were found to be vulnerable.

US telco research

For the part of their research that targeted US telcos, the research team said it created 50 prepaid accounts, 10 with each carrier. For each account, the research team used the 50 SIM cards on a unique phone, and for real calls, in order to create a realistic call history.

When the time came, the research team called each telco’s customer support center and applied a similar procedure.

sim-swapping-telcos.png

sim-swapping-telcos.png

Image: Lee et al.

The idea was that the attacker calls a telco’s support center to request a SIM card change, but intentionally provides a wrong PIN and account owner details.

“When providing incorrect answers to personal questions such as date of birth or billing ZIP code, [research assistants] would explain that they had been careless at signup, possibly having provided incorrect information, and could not recall the information they had used,” researchers said, explaining the motives they provided to call center staff.

At this point, after failing the first two authentication mechanisms (PIN and account owner details), telco call center operators are required, based on their procedures, to move to a third mechanism during which they ask the account owner to provide details about the last two recently made calls.

The research team says that an attacker could trick a victim into placing calls to specific numbers. For example, a scenario of “you won a prize; call here; sorry, wrong number; call here instead.”

After the attacker has tricked the SIM card owner into placing those two calls, they can use these details to call the telco’s call center and carry out a SIM swap.

Princeton researchers said they were able to trick all five US prepaid wireless carriers using this scenario.

When they published their research yesterday, four providers were still using the vulnerable procedure, despite the research team notifying all the affected parties. Of the five, T-Mobile told the research team they discontinued the use of call logs for customer authentication after reviewing their research.

Online service research

But the Princeton researchers also took their study one step further. For the following stage of their research, they wanted to see what they could do once they carried out a SIM swapping attack.

For this, they analyzed the login and multi-factor authentication (MFA) procedures employed by 140 of the most popular online sites and services, ranging from social media networks to email providers, and from cryptocurrency trading sites to enterprise solutions.

They found that on 17 sites, once you managed to hijack a user’s phone number via a SIM swap, you could reset the account’s password and gain full access to the victim’s online profile, with no other security system in place to authenticate the user.

In other words, the account recovery process for these 17 sites relied solely on an SMS-based mechanism. Once an attacker compromised a victim’s phone number, the password could be reset without having to control the user’s email or provide any other user secret (password reset questions, date of birth, etc.).

The full results for the analysis of the 140 websites is available here. The research team redacted the names of the 17 vulnerable services from their research in order to prevent SIM swappers from focusing on those sites for future attacks.

Additional details are provided in a white paper named “An Empirical Study of Wireless Carrier Authentication for SIM Swaps.”

Academic research finds five US telcos vulnerable to SIM swapping attacks 1
About the author

E-Crypto News was developed to assist all cryptocurrency investors in developing profitable cryptocurrency portfolios through the provision of timely and much-needed information. Investments in cryptocurrency require a level of detail, sensitivity, and accuracy that isn’t required in any other market and as such, we’ve developed our databases to help fill in information gaps.

Related Posts

E-Crypto News Executive Interviews



bitcoin
Bitcoin (BTC) $ 43,689.00
ethereum
Ethereum (ETH) $ 3,090.96
cardano
Cardano (ADA) $ 2.27
tether
Tether (USDT) $ 1.00
binance-coin
Binance Coin (BNB) $ 352.49
xrp
XRP (XRP) $ 0.950175
solana
Solana (SOL) $ 138.59
usd-coin
USD Coin (USDC) $ 1.00
polkadot
Polkadot (DOT) $ 29.45
dogecoin
Dogecoin (DOGE) $ 0.208765
USD
EUR
GBP
bitcoinBitcoin (BTC)
$ 43,689.00
ethereumEthereum (ETH)
$ 3,090.96
tetherTether (USDT)
$ 1.00
bitcoin-cashBitcoin Cash (BCH)
$ 513.10
litecoinLitecoin (LTC)
$ 153.01
bitcoinBitcoin (BTC)
37.276,98
ethereumEthereum (ETH)
2.637,32
tetherTether (USDT)
0,853235
bitcoin-cashBitcoin Cash (BCH)
437,79
litecoinLitecoin (LTC)
130,55
bitcoinBitcoin (BTC)
31,924.73
ethereumEthereum (ETH)
2,258.65
tetherTether (USDT)
0.730727
bitcoin-cashBitcoin Cash (BCH)
374.94
litecoinLitecoin (LTC)
111.81

Automated trading with HaasBot Crypto Trading Bots

Crypto Scams

Crypto Scams
Crypto Scams Still Persistent In 2021, SEC Warns About Red Flags To Watch
September 9, 2021
Poly Network
Here’s How Hackers Stole Over $600 million in the Poly Network Attack
August 12, 2021
The World’s Most Infamous Crypto Hacks and Scams
July 31, 2021
Cryptocurrency Exchanges
Cryptocurrency Exchanges and the Plague of Scams and Bans
June 29, 2021
What Role Do Cryptocurrencies Play In The Era Of Ransomware Attacks?
June 9, 2021

Blockchain/Cryptocurrency Questions and Answers

Beginner’s Guide to Investing in Cryptocurrency
August 9, 2021
Short-Sell Cryptocurrency
How to Short-Sell Cryptocurrency: A Brief Overview
July 17, 2021
Klaytn
What Is Klaytn (KLAY) And How Does It Work?
July 16, 2021
Cryptocurrencies
Our Crypto Roundup Interview Asks- Do Cryptocurrencies Have a Future?
July 15, 2021
Solana
What Is Solana (SOL) And How Does It Work?
June 26, 2021


CryptoCurrencyUSDChange 1hChange 24hChange 7d
Bitcoin43,558 0.08 % 2.25 % 9.76 %
Ethereum3,078.9 0.38 % 5.62 % 10.17 %
Cardano2.260 0.33 % 2.99 % 4.81 %
Tether0.9986 0.03 % 0.08 % 0.23 %
Binance Coin350.84 0.27 % 0.83 % 14.74 %
XRP0.9460 0.39 % 1.79 % 12.06 %
Solana137.96 0.38 % 1.86 % 18.90 %
USD Coin1.000 0.27 % 0.01 % 0.31 %
Polkadot30.87 2.19 % 17.29 % 10.73 %
Dogecoin0.2080 0.13 % 0.42 % 14.03 %

bitcoin
Bitcoin (BTC) $ 43,689.00
ethereum
Ethereum (ETH) $ 3,090.96
cardano
Cardano (ADA) $ 2.27
tether
Tether (USDT) $ 1.00
binance-coin
Binance Coin (BNB) $ 352.49
xrp
XRP (XRP) $ 0.950175
solana
Solana (SOL) $ 138.59
usd-coin
USD Coin (USDC) $ 1.00
polkadot
Polkadot (DOT) $ 29.45
dogecoin
Dogecoin (DOGE) $ 0.208765