Five major US prepaid wireless carriers, including AT&T, T-Mobile, Tracfone, US Mobile, and Verizon Wireless are vulnerable to SIM swapping attacks, according to a Princeton University academic study.
In addition, the research team also looked at 140 online services and websites and analyzed on which of these attackers could employ a SIM swap to hijack a user’s account. According to the research team, 17 of the 140 websites were found to be vulnerable, ZDNet recently reported.
A SIM swap attack is when an attacker calls a service provider and tricks the telecom operator’s staff into changing a victim’s phone number to an attacker-controlled SIM card.
This allows the attacker to reset passwords and gain access to sensitive online accounts, like email inboxes, e-banking portals, or cryptocurrency trading systems, the report added.
For their research that targeted US telcos, the research team said it created 50 prepaid accounts, 10 with each carrier.
For each account, the research team used the 50 SIM cards on a unique phone, and for real calls, in order to create a realistic call history.