For those very new to this area, please Google "SIM swap" and discover a very nasty security issue with all the phones we use today. At first glance the new security researcher might think I'm exaggerating. Do your own research and tell me you don't find this to be one of the most foul, nasty exploits I've seen in years.

This exploit was recently used to hijack a writer's phone at https://www.zdnet.com/article/sim-swap-horror-story-ive-lost-decades-of-data-and-google-wont-lift-a-finger/
His case is still developing, with loss of accounts, tax returns he stored in the cloud, and a 25,000 USD Bitcoin purchase.

And we're not talking thousands of dollars in losses but millions. Take for instance a loss of over 23 million USD at https://www.vice.com/en_us/article/pawwkz/bitcoin-investor-sues-att-23-million-sim-swap-hack

The current state of affairs appears to be DENIAL by the carriers that this is a problem. You can do your research, and if you are like most I've talked to about this, it will shake your faith in all things smartphone and cloud based. So many are using their phone as their wallet, and for now, until there are lawsuits that cost the makers of this disaster a few billion, they won't see a reason to fix it.

I've been hearing about this even here in RSA; people are complaining about it. I just wonder how they do it, because it seems as if the victim is totally unaware of it.

commented: Victims become aware when the losses happen. The SIM swap issue has changed my mind about using my smartphone for more than phone and games. +15

CNET reported on this rather awful exploit on January 19, 2020 at https://www.cnet.com/how-to/sim-swap-fraud-what-it-is-why-you-should-care-and-how-to-protect-yourself/

At first glance, it seems somewhat harmless. But when you consider that most of us have our phone numbers linked to our bank, email and social media accounts, you quickly begin to see how easily someone with access to your phone number could take over your entire online presence.

There's more at the linked articles, but if you tie your banking, bitcoin, email and, get this, two-factor authentication to your phone, you would be in a world of hurt.

That's one of my big takeaways: SMS 2FA is fundamentally broken by the SIM swap exploit.

I think what's next on this issue, or on this kind of hack, is that they will change or advance from SIM swap to hacking the actual phones without our knowledge.

Take a look at this: on your mobile you download an app, then during the installation process it asks you to grant it permissions to all the technologies it will need or use, including reading your SMSs, your phone book contacts, and sometimes even your location.

Now to me that's a very dangerous act, just like what WhatsApp does when you install it: you log in, then it sends you an SMS with the OTP, but as soon as that SMS reaches your system tray it reads it and gets the code. So I think a hacking app can do the same when it is spying on you for your banking details, because as we are in the 4IR we have seen even banks push people to bank digitally, mostly through their mobile apps.

Now to me that looks like the next big hit we should be prepared for, as it is coming and it will hit very badly. I'm not yet sure if it's possible to get the message in the system tray and then instantly remove it so it doesn't notify or ring the notification, but if that's possible then people might really lose money and not get notifications from their apps, because these apps would get it first and then remove it so as not to trigger the notification.

But that's just me looking at this on a future run, which might even already be present. My advice would be: if you are a gamer, then don't use the phone you use for sensitive information. I mean avoid installing games, music streaming apps, or should I say entertainment apps, mostly the newer ones that are new in the market, because you won't know if it's the actual game or a scam, especially those that are shared via SHAREit.

commented: "Get that person an upvote." In reference to the SHAREit comment. That's banned on some forums. +15