Princeton study: US carriers do little to protect customers from SIM-swap attacks

In brief: If you’re using SMS for two-factor authentication into your online accounts, you may want to change that as soon as possible. According to Princeton researchers, five of the largest US carriers are doing little to protect you from SIM swapping attacks, which give attackers an easy way to reset your passwords and access your sensitive data or impersonate you online.

While it’s always a good idea to use multi-factor authentication to secure your online accounts, it doesn’t mean you’re entirely safe from everyone who wants to steal sensitive personal data.

According to a study from Princeton University, five of the largest US prepaid carriers fail to protect you against something referred to by experts as a “SIM-swap” attack. We have covered this type of theft several times in the past.

The way it works is an attacker persuades a carrier to reassign the victim’s phone number to a new SIM card without going through all the standard security questions to verify their identity. This effectively allows the scammer to hijack someone’s account and use two-factor authentication to reset passwords to important online accounts like email and bank accounts.

The researchers signed up for 50 prepaid accounts on Verizon, AT&T, T-Mobile, US Mobile, and Tracfone, and spent most of 2019 looking for ways they could trick call center operators into attaching their phone numbers to a new SIM. What they found was that they only needed to respond successfully to one security challenge to get it done, even after multiple failed attempts, which they report didn’t raise any red flags.


After intentionally providing wrong PINs, they were asked to verify other details like zip codes or other facts about the real account holder. The researchers told call center employees they couldn’t recall that information, at which point, the standard procedure appeared to be to ask about the most recent two calls made from their number.

That is the weakness that makes the process exploitable. Attackers can easily trick someone into calling specific numbers using websites promising one thing or another. The researchers also found that 17 out of 140 online services using SMS for two-factor authentication don’t employ any other method of verifying your identity, making it even easier for scammers to commit identity theft or steal victims’ personal information.
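The call-center flow described above, as a defender-side sketch added here (it is not code from the Princeton study or from any carrier): a SIM-swap request is refused once challenges have failed repeatedly, and a correct answer to a call-log question never counts on its own. The challenge names, the `MAX_FAILED` threshold and the sample call are assumptions constructed for illustration.

```python
from dataclasses import dataclass

# Assumed classification: challenges whose answers an outsider can influence,
# such as recent call history, are treated as weak.
WEAK_CHALLENGES = {"recent_calls"}
MAX_FAILED = 2  # assumed lockout threshold per request


@dataclass
class Attempt:
    challenge: str  # hypothetical labels: "pin", "zip_code", "recent_calls"
    passed: bool


def review_sim_swap(attempts):
    """Return (decision, reasons) for the challenges answered on one call."""
    reasons = []
    failed = 0
    for a in attempts:
        if not a.passed:
            failed += 1
            if failed >= MAX_FAILED:
                # The study reports that repeated failures raised no flags;
                # here they end the request instead.
                reasons.append("lockout after repeated failed challenges")
                return "deny", reasons
        elif a.challenge in WEAK_CHALLENGES:
            reasons.append(f"weak challenge '{a.challenge}' does not count")
        else:
            return "approve", reasons
    reasons.append("no strong challenge passed")
    return "deny", reasons


# Constructed sample mirroring the call pattern the article describes:
# wrong PIN, account details not recalled, then a correct call-log answer.
STUDY_CALL = [
    Attempt("pin", False),
    Attempt("zip_code", False),
    Attempt("recent_calls", True),
]

if __name__ == "__main__":
    print(review_sim_swap(STUDY_CALL))
```
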

The experts at Princeton notified the carriers, and T-Mobile told them earlier this month that it’s no longer using call logs as an authentication method. Others, like Verizon and US Mobile, said they had received less than 1 percent of their SIM swapping requests over the phone, and that they are continually updating their cybersecurity practices.

The obvious conclusion is to stay away from using SMS as a form of two-factor authentication, and instead use an authenticator app. For those of you who own an Android phone, Google allows you to use your phone as a physical two-factor authentication key, which is about the safest method there is.

About the author

E-Crypto News was developed to assist all cryptocurrency investors in developing profitable cryptocurrency portfolios through the provision of timely and much-needed information. Investments in cryptocurrency require a level of detail, sensitivity, and accuracy that isn’t required in any other market and as such, we’ve developed our databases to help fill in information gaps.
