What is SIM Swapping?
Jack Dorsey was hacked recently. Yup, that Jack Dorsey — the founder of Twitter. The cyber criminals used a technique that’s called “SIM swapping” to get ahold of
1. It’s really easy.
SIM swapping is when someone calls a phone provider — like AT&T or Verizon — and asks that a number be transferred to a new device. This option is available because people lose devices, break them, or even just upgrade to a new one all the time. However, that ease of access also opens up a huge security hole that criminals can exploit.
And while sometimes thieves are able to just impersonate the actual owner of a phone number, in other cases they bribe phone provider employers to do the switch, reportedly for as little as $100.
SIM swapping was originally done for fun or to get control of legacy social media accounts, usually ones with one word like @snake, for example. But it became clear pretty quickly that by gaining access to a device, you could also gain access to a lot of personal -- and potentially valuable -- data. So cyber criminals started SIM swapping for more than just fun.
2. It takes advantage of two-factor authentication.
Two-factor authentication is a security measure that many online services have put into place in order to add another layer of protection on people’s accounts. The idea behind 2FA is that you need two things in order to access your account: “something you know, and something you have.” That means a password you know and a code delivered to you in another form, often as an SMS text message.
In most cases, only the person who owns the phone would be able to get the text message with the necessary code. But in the case of SIM swapping, once the thief has control of the phone, they also have control of the two-factor authentication. That means they can get the necessary codes to access personal accounts like email, photos, and cloud storage.
3. There’s not much you can do.
SIM swapping is becoming more popular and, unfortunately, there’s not much the average consumer can do about it. Some phone providers have started requiring a PIN to change a number to a new device, but The New York Times reports that phone company employees can be bribed for those, too.
“It just doesn’t seem like the AT&Ts of the world are really doing anything to make it more difficult,” Erin West, a deputy district attorney in California’s Santa Clara County, told The Times. “I live in fear that I will get SIM-swapped because it’s not that difficult.”
4. Phone service providers need to figure it out.
While many security gaps can be plugged by users, this is a problem that has to be solved by the phone providers themselves. As thieves hit increasingly famous targets (actress Jessica Alba and and online personalities Shane Dawson and Amanda Cerny have been recently hit), perhaps phone companies will wake up and do something about it. We’ll have to wait and see.Share this post
Install Tenta Browser Free!
Start protecting your online privacy today with Tenta Browser.