We got confirmation Dorsey was SIM jacked. Amazing the carriers haven't set up better protections against thishttps://www.buzzfeed.com/nicolenguyen/jack-dorsey-twitter-was-hacked …
Show this thread
-
I actually shared the following with a journalist I’ve been speaking to recently about the growing problem of porting/SIM swapping. It’s happening in brick and mortar locations. There’s got to be a way to prevent this.pic.twitter.com/aDMmKIoa23
There isn't. Phone numbers, and the way they are distributed and changed, simply are not anything resembling a high-security protocol, and cannot be made so at any reasonable cost. People can complain and fantasize about this all they want, doesn't change reality.
-
-
I don’t disagree w/ your statement in general, but you telling me mobile carriers can’t add a feature that allows me to add a 2FA TOTP to my account to authorize porting of my number to a new device? . If lesser companies can add 2FA TOTP for specific actions, so can they. No?
-
The FCC decided some time ago to sacrifice security for consumer ease in porting numbers. Carriers did not choose the system we have now. Imagine if some regulator decided individual IP addresses must be portable across providers ASAP and you can imagine the resulting mess.
-
This is an interesting point. unaware of regulators created this mess but tonyour point if websites could be ported the same way it would be terrible. What are your thoughts on realistic solutions for carriers to try and do something to make porting more difficult?
End of conversation
New conversation -
-
-
To add spice to the discussion, in KSA and most of the GCC, SIM cards are controlled by biometrics (fingerprints). One cannot alter, swap, or do any changes on a SIM card without such credentials. With that said, agree on them not being designed to be a high-security protocol.
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
-
-
This^
-
Tweet unavailable
-
I missed this article when it was published but this is excellent work
@briankrebs Maybe with someone high profile enough like@jack getting attacked, pressure can be put on mobile carriers implement security features and improvements that protect their customers.
End of conversation
New conversation -
-
-
They have done this to multiple high profile people over the last two weeks, wouldn't it just take 1 fucking phone call to prove the person is scamming? How hard is that for at&t to do?
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.