[LINK] A security question

Scott Howard scott at doc.net.au
Thu Dec 19 14:14:54 AEDT 2013


On Wed, Dec 18, 2013 at 6:12 PM, David Lochrin <dlochrin at d2.net.au> wrote:

> > Trouble with mobile phone/SMS is that it relies on the phone number,
> > still being in the correct hands.  There have been several articles about
> > prepared thieves using mobile number portability to move the target's
> > number to a device in their own hands - and then the SMS falls in the wrong
> > hands as well.
>

> That's interesting...    do you have a reference?
>

I don't have any public references, but it's definitely happening -
although rather than using mobile number portability it's normally done
with a more basic "SIM swap" as you'd do if you lost your phone, had a SIM
card fail, etc.

At this stage it's generally a fairly small problem in most countries,
however in some countries it's a major problem - especially where
corruption is more of a problem as the criminals will simply pay off
someone from a phone shop to carry out the swap or to hand over their
username/password to the (Internet based!) systems for doing the swap.

For example, in South Africa it's a big enough of a problem that some of
the banks are working with the telcos to allow them to query the telco to
determine if a SIM swap has been carried out in the last 24 hours, and if
it has then they will block the transfer/authentication.  Obviously this
has false positives (buy a new phone and you can't use internet banking for
24 hours), but it's deemed acceptable.

  Scott
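
The recent-SIM-swap check described in the message above, sketched as an added example (not part of the original post and not any bank's or telco's code). The telco lookup interface, the `TelcoLookupError` name, and the choice to fail closed when the lookup fails are assumptions of this sketch; the phone numbers and swap times are constructed.

```python
from datetime import datetime, timedelta, timezone
from typing import Callable, Optional

SWAP_WINDOW = timedelta(hours=24)  # window stated in the post


class TelcoLookupError(Exception):
    """Hypothetical: the telco query failed or timed out."""


def decide(last_swap: Optional[datetime], now: datetime,
           window: timedelta = SWAP_WINDOW) -> str:
    """last_swap is the telco's answer: time of the latest SIM swap, or None."""
    if last_swap is None:
        return "allow"
    if last_swap > now:
        return "block"  # future timestamp: bad data or clock skew, do not trust
    return "block" if now - last_swap < window else "allow"


def check_transfer(msisdn: str, now: datetime,
                   lookup: Callable[[str], Optional[datetime]]) -> str:
    """Fail closed (an assumption of this example) when the telco cannot answer."""
    try:
        return decide(lookup(msisdn), now)
    except TelcoLookupError:
        return "block"


# Constructed sample data: the numbers and swap times are made up.
NOW = datetime(2013, 12, 19, 12, 0, tzinfo=timezone.utc)
SAMPLE_SWAPS = {
    "+27000000001": None,                      # no swap on record
    "+27000000002": NOW - timedelta(hours=3),  # recent swap: thief or new phone
    "+27000000003": NOW - timedelta(days=30),  # swap long ago
}


def sample_lookup(msisdn: str) -> Optional[datetime]:
    if msisdn not in SAMPLE_SWAPS:
        raise TelcoLookupError(msisdn)
    return SAMPLE_SWAPS[msisdn]


if __name__ == "__main__":
    for number in list(SAMPLE_SWAPS) + ["+27000000004"]:
        print(number, check_transfer(number, NOW, sample_lookup))
```

The second sample number shows the false positive the message mentions: the check cannot tell a thief's swap from a customer who bought a new phone three hours ago, so both are blocked.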


