Click to Skip Ad
Closing in...

Wireless companies are finally taking security seriously

Published Mar 2nd, 2018 8:00PM EST
T-Mobile, AT&T, Sprint, and Verizon tackle port-out fraud
Image: Zach Epstein, BGR

If you buy through a BGR link, we may earn an affiliate commission, helping support our expert product labs.

Among the dozens of exciting ways to get hacked these days, none are more dangerous than the SIM port-out. Consumers have increasingly started using two-factor authentication to secure everything from Facebook to bank accounts, and often the 2FA security code is sent via a text message. So criminals are following the system, and persuading cell companies via a little social engineering to port out people’s numbers to a different company, putting control of the victim’s cell number — and thus any authentication text messages — in the hands of the criminals.

This has been possible because for years, cell companies haven’t used a robust system to verify customer identity over the phone for a port-out. All the carriers offered some kind of security code to secure your account, but it wasn’t mandatory, and often a combination of name, billing address and social security number — easily taken from something like the Equifax hack! — was enough to port out a number.

At this week’s Mobile World Congress in Barcelona, an industry group that includes all four major US carriers announced a “next-generation mobile authentication platform” that aims to solve 2FA fraud once and for all.

Rather than just addressing the security concerns around porting out numbers, which carriers are doing on their own, the “Mobile Authentication Taskforce” is working on a system that makes SMS messages a viable and secure authentication option. The “highly secure solution” will deliver a cryptographically verified phone number and profile data for users of authorized applications with their consent,” and further verification will come from examining factors like “a network verified mobile number, IP address, SIM card attributes, phone number tenure, phone account type.”

Reading between all the buzzwords, it seems that mobile carriers will use common online tells to flag up suspicious phone numbers — for example, if the number has an American area code and American billing address, the system might flag an attempted log-in from Russia.

The technology will begin internal trials in the “next few weeks,” with a full roll-out expected by the end of the year.

Chris Mills
Chris Mills News Editor

Chris Mills has been a news editor and writer for over 15 years, starting at Future Publishing, Gawker Media, and then BGR. He studied at McGill University in Quebec, Canada.

More Tech