this post was submitted on 15 Mar 2024
7 points (100.0% liked)
Technology
58070 readers
2799 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related content.
- Be excellent to each another!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, to ask if your bot can be added please contact us.
- Check for duplicates before posting, duplicates may be removed
Approved Bots
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
This says that they're able to hijack the phone numbers by scanning a QR code to configure an eSIM. But doesn't the carrier need to authenticate device swaps like that in the first place? If the carriers allow SIM swaps without anything more than a line of text, then that's a major account security issue that I have to imagine has already been accounted for when this tech and the policies for it were developed. I feel like there's some very important details missing to this.
From what I understand, the attackers steal your number by gaining access to your phone carrier account.
They can gain access to your account either by finding your info in a data breach, or by phishing the account details from you.
That's why they say that you need to setup a strong password with 2FA for your phone carrier account to protect yourself from this kind of attack.
I was going to say, I’ve never needed to talk to my phone provider with a new eSIM, i just need to login to the app and confirm. That makes it the obvious route for sim stealers
Remember this, next time some says “I don’t need a good password. What are they going to do, pay my phone bill?”