Next up: SIM card slamming

In this case, however, the perpetrator didn’t try to port Rosenzweig’s phone number: Instead, the attacker called multiple T-Mobile retail stores within an hour’s drive of Rosenzweig’s home address until he succeeded in convincing a store employee to conduct what’s known as a SIM swap.

~ Brian Krebs from, https://krebsonsecurity.com/2018/05/t-mobile-employee-made-unauthorized-sim-swap-to-steal-instagram-account/

slip:4uketo1.

Free swapping of SIMs is a feature making it easy to change phones [which might require different SIM card sizes] and to recover from entirely losing your device.

Age-old axiom: If you can imagine a situation where you would prefer to not use the feature, then someone can imagine a way to abuse that feature as a security vulnerability.

…and just a few days ago I was talking about not using your cell phone as a “second form of authentication.” :/

ɕ