Security News > 2020 > January > Relying on AT&T, Verizon and T-Mob US to protect you from SIM swapping? You better get used to disappointment

Four Princeton University eggheads have published a report showing that the five major US mobile carriers implement weak authentication techniques, leaving customers vulnerable to SIM-swapping attacks that transfer victims' phone numbers to devices controlled by scammers.

In a paper [PDF] titled, "An Empirical Study of Wireless Carrier Authentication for SIM Swaps," Kevin Lee, Ben Kaiser, Jonathan Mayer, and Arvind Narayanan looked at how AT&T, T-Mobile US, Tracfone, US Mobile, and Verizon Wireless handle requests to change the SIM card associated with mobile phone numbers.

Between May and July last year, they managed to conduct a mostly successful series of attacks: AT&T; T-Mobile US; Tracfone; US Mobile, and Verizon Wireless.

"It's time for the FCC to step up and protect consumers by holding carriers accountable when their systems fail to protect against SIM swapping."

In response to the boffins' findings, US Mobile published a blog post stating that the paper focused on SIM-swapping attacks conducted by phone, which represent only 1 per cent of SIM-swapping requests at the carrier.

News URL

https://go.theregister.co.uk/feed/www.theregister.co.uk/2020/01/13/sim_swapping_study/