“One Simple Trick” That Should Have Seen Widespread Deployment Years Ago
AT&T are the first North American provider to actually offer some protection against SIM swapping to it’s users. Wireless Account Lock protection is a new feature you can find in the settings of your myAT&T mobile app, assuming that is your provider of course. Once you toggle it on, it prevents changes from being made to a SIM card until it is toggled off. This dead simple addition will protect you from the all too common SIM swapping, SIM hijacking, or port-out fraud if you prefer, that bad actors frequently make use of to ruin people’s lives.
The attack requires an attacker to convince, or in some cases bribe, a employee at your provider to move your phone number to a new SIM, one which they have in their possession. Once they have your number, they can leverage any MFA protection you have which depends on receiving text messages. That makes it simple to change your passwords for any account which uses text based MFA for verification. With Wireless Account Lock enabled, the request to swap your SIM should be denied no matter what the attacker tries.
This is why many security experts recommend always using app based MFA as opposed to text messages, however not every company offers that option. Many service providers dragged their feet enabling MFA protection for their customers accounts, and invested the absolute minimum when they did implement it. At least this finally gives AT&T customers some protection, and inspires other telecom companies to do the same.
Source link