All the Major USA Carriers are Vulnerable to SIM Swapping: Study

A recent study found that as many as five prepaid carriers from the United States are vulnerable to the SIM swapping techniques. The researchers signed up a total of 50 prepaid accounts from all the major network carriers from the USA, such as T-Mobile, US Mobile, AT&T, Verizon, and Tracfone, for their research purpose. The signed up ten accounts from each of the above five carriers.

In their study, they found that the companies are switching their services from one prepaid to another, even if the customers verify their identity through only one question. The researchers got the biggest surprise when they put wrong inputs after the only right answer, and they successfully managed to switch their services.

Experts feel that the recent methodology is dangerous, as attackers could easily control the phone number of the victim by answering a single question. Once the attackers gained control over the SIM, they could easily reset the existing passwords of their bank accounts and email, and other social media accounts. The attackers even easily change the linked phone number with the help of the controlled SIM; therefore, the owners will find it hard to recover their data.

How the Researchers able to Swap their SIM?

To measure the security aspect of the SIM, the researchers called the respective companies and requested them to change their SIMs. Intentionally, they typed a wrong PIN repeatedly for forcing the company to try a second method.

In the second method, the companies asked them to type their date of birth or ZIP code. But, the researchers claimed that they provided the wrong input earlier. As a result, the carrier used the third-type authentication technique. In the third method, the carrier asks them for the last two call history. By completing the third method, they were able to complete their SIM swapping. The method is far from full-proof, as an attacker could easily trick the victim by calling them into two random numbers.