Click to Skip Ad
Closing in...
  1. Best Prime Day TV Deals
    16:38 Deals

    Best Prime Day TV deals: Samsung, LG, Vizio, and more

  2. AirPods Pro Prime Day Deal
    11:46 Deals

    AirPods Pro are back in stock at Amazon after selling out – and they’re $52 off

  3. Early Prime Day Deals
    08:06 Deals

    10 incredible early Prime Day deals that are about to end at Amazon

  4. Amazon Deals
    07:56 Deals

    10 deals you don’t want to miss on Saturday: Early Prime Day blowout, $50 off AirPods Max, $20 Blink Mini cam, more

  5. Amazon Deals
    10:32 Deals

    Today’s best deals: Free $15 Amazon credit, early Prime Day deals, first M1 iMac sale, $20 Blink cam, $600 projector for $300, more

Wireless companies are finally taking security seriously

March 2nd, 2018 at 8:00 PM
T-Mobile, AT&T, Sprint, and Verizon tackle port-out fraud

Among the dozens of exciting ways to get hacked these days, none are more dangerous than the SIM port-out. Consumers have increasingly started using two-factor authentication to secure everything from Facebook to bank accounts, and often the 2FA security code is sent via a text message. So criminals are following the system, and persuading cell companies via a little social engineering to port out people’s numbers to a different company, putting control of the victim’s cell number — and thus any authentication text messages — in the hands of the criminals.

This has been possible because for years, cell companies haven’t used a robust system to verify customer identity over the phone for a port-out. All the carriers offered some kind of security code to secure your account, but it wasn’t mandatory, and often a combination of name, billing address and social security number — easily taken from something like the Equifax hack! — was enough to port out a number.

At this week’s Mobile World Congress in Barcelona, an industry group that includes all four major US carriers announced a “next-generation mobile authentication platform” that aims to solve 2FA fraud once and for all.

Rather than just addressing the security concerns around porting out numbers, which carriers are doing on their own, the “Mobile Authentication Taskforce” is working on a system that makes SMS messages a viable and secure authentication option. The “highly secure solution” will deliver a cryptographically verified phone number and profile data for users of authorized applications with their consent,” and further verification will come from examining factors like “a network verified mobile number, IP address, SIM card attributes, phone number tenure, phone account type.”

Reading between all the buzzwords, it seems that mobile carriers will use common online tells to flag up suspicious phone numbers — for example, if the number has an American area code and American billing address, the system might flag an attempted log-in from Russia.

The technology will begin internal trials in the “next few weeks,” with a full roll-out expected by the end of the year.

Popular News