Princeton study: US carriers do little to protect customers from SIM-swap attacks

In brief: If you’re using SMS for two-factor authentication into your online accounts, you may want to change that as soon as possible. According to Princeton researchers, five of the largest US carriers are doing little to protect you from SIM swapping attacks, which give attackers an easy way to reset your passwords and access your sensitive data or impersonate you online.

While it’s always a good idea to use multi-factor authentication to secure your online accounts, it doesn’t mean you’re entirely safe from everyone who wants to steal sensitive personal data.

According to a study from Princeton University, five of the largest US prepaid carriers fail to protect you against something referred to by experts as a “SIM-swap” attack. We have covered this type of theft several times in the past.

The way it works is an attacker persuades a carrier to reassign the victim’s phone number to a new SIM card without going through all the standard security questions to verify their identity. This effectively allows the scammer to hijack someone’s account and use two-factor authentication to reset passwords to important online accounts like email and bank accounts.

The researchers signed up for 50 prepaid accounts on Verizon, AT&T, T-Mobile, US Mobile, and Tracfone, and spent most of 2019 looking for ways they could trick call center operators into attaching their phone numbers to a new SIM. What they found was that they only needed to respond successfully to one security challenge to get it done, even after multiple failed attempts, which they report didn’t raise any red flags.

After intentionally providing wrong PINs, they were asked to verify other details like zip codes or other facts about the real account holder. The researchers told call center employees they couldn’t recall that information, at which point, the standard procedure appeared to be to ask about the most recent two calls made from their number.

That is the weakness that makes the process exploitable. Attackers can easily trick someone into calling specific numbers using websites promising one thing or another. The researchers also found that 17 out of 140 online services using SMS for two-factor authentication don’t employ any other method of verifying your identity, making it even easier for scammers to commit identity theft or steal victims’ personal information.
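The following is an added example, not code from the study or from any carrier: it models the caller-verification flow described above and compares it with a stricter policy. The challenge names, the `Policy` fields, and the hardened thresholds are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Challenge types an outsider can influence without knowing any account secret.
# The article names recent outgoing calls; the set itself is this example's assumption.
MANIPULABLE = {"recent_calls"}

@dataclass(frozen=True)
class Policy:
    max_failures: Optional[int]   # None: unlimited failed challenges tolerated
    allow_manipulable: bool       # accept challenges listed in MANIPULABLE

OBSERVED = Policy(max_failures=None, allow_manipulable=True)  # as the study reports
HARDENED = Policy(max_failures=2, allow_manipulable=False)    # constructed alternative

def evaluate(policy, attempts):
    """attempts: ordered (challenge, passed) pairs from one support call.
    Returns (approved, reasons)."""
    failures, reasons = 0, []
    for challenge, passed in attempts:
        if challenge in MANIPULABLE and not policy.allow_manipulable:
            reasons.append(f"ignored manipulable challenge: {challenge}")
            continue
        if passed:
            return True, reasons
        failures += 1
        if policy.max_failures is not None and failures >= policy.max_failures:
            reasons.append(f"locked out after {failures} failed challenges")
            return False, reasons
    reasons.append("no acceptable challenge passed")
    return False, reasons

# Constructed call mirroring the article: wrong PIN, zip code not recalled,
# then a correct answer about recent calls.
CALL = [("pin", False), ("zip_code", False), ("recent_calls", True)]

if __name__ == "__main__":
    for name, policy in (("observed", OBSERVED), ("hardened", HARDENED)):
        print(name, evaluate(policy, CALL))
```

Under the observed policy the constructed call is approved on the third challenge; under the hardened one it is denied at the second failure, and a call-log answer on its own is never sufficient.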

The experts at Princeton notified the carriers, and T-Mobile told them earlier this month that it’s no longer using call logs as an authentication method. Others, like Verizon and US Mobile, said they had received less than 1 percent of their SIM swapping requests over the phone, and that they are continually updating their cybersecurity practices.

The obvious conclusion is to stay away from using SMS as a form of two-factor authentication, and instead use an authenticator app. For those of you who own an Android phone, Google allows you to use your phone as a physical two-factor authentication key, which is about the safest method there is.
