Google Pixel Tablet is discounted here!

Many T-Mobile and AT&T subscribers could have been victims of a "SIM swap"

By
2comments
Google News Follow
Follow us on Google News
T-Mobile AT&T
Many T-Mobile and AT&T subscribers could have been victims of a "SIM swap"
T-Mobile customers purchasing an Apple iPhone from Apple's online store have to enter a four-digit PIN number or the last four digits of their social security number if they plan on financing the device (view image at the top of this article). For some reason, the page used to allow an infinite number of attempts to punch in the correct numbers which made the platform vulnerable to brute force attacks. And once a hacker has his hands on a T-Mobile customer's PIN number, or last four digits of a customer's social security number, he can request a new SIM card tied to the victim's T-Mobile account. At that point, not even two-factor authentication would be able to save the T-Mobile subscriber from having accounts connected to a smartphone from getting cleaned out.

In case you were wondering, AT&T, Verizon and Sprint subscribers financing the purchase of a new iPhone from Apple's online store once had more protection from brute force attacks than T-Mobile subscribers. After five to ten incorrect guesses at the PIN number or last four digits of the social security number, a hacker has just 60 minutes to find the correct digits. A perfect solution? No, but it is better than infinite guesses.

77 million T-Mobile subscribers were exposed due to this vulnerability. AT&T also had a similar issue revealed this week when it was discovered that the website for phone insurer Asurion released PIN codes belonging to AT&T customers. This security flaw could have allowed a hacker to request a new AT&T SIM card, thus giving the thief unlimited access to a victim's handset.

"Asurion takes customer security and privacy very seriously, and as such we have an ongoing, layered security program in place to prevent security issues. We are investigating the researcher’s concerns, but have immediately implemented measures to address these concerns to ensure customers’ accounts are safe."-Nicole Miller, spokesperson, Asurion

As it turns out, both Apple and Asurion made the necessary changes to their websites. But it does show that carriers around the world need to make it harder to obtain replacement SIM cards. Additionally, carriers in general must beef up security, including using background checks from legit security firms to check out newly hired employees. Several incidents involving the theft of bank and cryptocurrency accounts were made possible with the help of rogue employees working for wireless providers. These insiders funneled personal account information to the thieves in exchange for cash.

source: BuzzFeed via Phonescoop
Create a free account and join our vibrant community
Register to enjoy the full PhoneArena experience. Here’s what you get with your PhoneArena account:
  • Access members-only articles
  • Join community discussions
  • Share your own device reviews
  • Build your personal phone library
Register For Free
https://m-cdn.phonearena.com/images/users/39-200/Alan-F.jpg
Alan Friedman Senior News Writer
Alan, an ardent smartphone enthusiast and a veteran writer at PhoneArena since 2009, has witnessed and chronicled the transformative years of mobile technology. Owning iconic phones from the original iPhone to the iPhone 15 Pro Max, he has seen smartphones evolve into a global phenomenon. Beyond smartphones, Alan has covered the emergence of tablets, smartwatches, and smart speakers.

Recommended Stories

Loading Comments...

Popular stories

U.S. government warns all iOS and Android users to delete these texts immediately
U.S. government warns all iOS and Android users to delete these texts immediately
Some Galaxy S25 buyers already considering returning the phone because of overheating issues
Some Galaxy S25 buyers already considering returning the phone because of overheating issues
Is it game over for T-Mobile after Verizon and AT&T's big satellite breakthrough? Not even close!
Is it game over for T-Mobile after Verizon and AT&T's big satellite breakthrough? Not even close!
Decision reversed: T-Mobile can continue to make this claim in its television ad
Decision reversed: T-Mobile can continue to make this claim in its television ad
Helium Mobile unveils the first free 5G wireless plan in the U.S.
Helium Mobile unveils the first free 5G wireless plan in the U.S.
T-Mobile app officially breathed its last with a solemn final message
T-Mobile app officially breathed its last with a solemn final message

Latest News

The first big Apple Watch SE 2 discount of 2025 goes live on Amazon
The first big Apple Watch SE 2 discount of 2025 goes live on Amazon
TSMC stops shipping powerful GPU chips to China used to train AI models
TSMC stops shipping powerful GPU chips to China used to train AI models
The splendid Galaxy Tab S9 enjoys top-notch discounts in both storage versions at Amazon
The splendid Galaxy Tab S9 enjoys top-notch discounts in both storage versions at Amazon
Change to Google Maps will result in less clutter on the screen
Change to Google Maps will result in less clutter on the screen
U.S. government warns all iOS and Android users to delete these texts immediately
U.S. government warns all iOS and Android users to delete these texts immediately
Pocket-sized Pixel 9 becomes an even bigger bang for your buck after hefty discount
Pocket-sized Pixel 9 becomes an even bigger bang for your buck after hefty discount
FCC OKs Cingular\'s purchase of AT&T Wireless