Security News > 2020 > January > Major U.S. Mobile Carriers Vulnerable to SIM Swapping Attacks
Weak security measures in place at several major wireless carriers in the United States make it easy for attackers to perform SIM swap attacks on prepaid mobile accounts, a recent study found.
In a SIM swapping attack, social engineering is used to convince a wireless services provider to hand over control of the victim's phone number by modifying the SIM card attached to the phone and mobile account.
While wireless carriers have some authentication procedures in place to prevent unauthorized access and the successful takeover of a victim's phone number by calling the carrier to request a SIM card transfer, these seem inefficient, researchers from Princeton University have discovered.
Users who call a wireless carrier for a SIM swap are presented with a series of challenges meant for authentication purposes and only after these have been passed a Customer Service Representative proceeds to update the SIM card on the account.
Tracfone and US Mobile, the researchers discovered, did not offer challenges that an attacker could answer correctly, but SIM swapping was allowed even without authentication: 6 times at Tracfone and 3 times at US Mobile.