The physical perpetrator takes the SIM card and puts it into a different phone. There are a surprising number of significant services that let you reset everything if you know only the phone number (and can respond to OTP messages sent to the number). More than you realize.
-
Show this thread
-
The goal of this, and what I’ll describe next, is to take over an email ‘Recovery’ account. You know, the main e-mail acct you use to have all your email-reset passwords sent to fit your bank/amazon/venmo/paypal/bitcoin-y/etc type accounts. But this is a modest risk...
2 replies 2 retweets 19 likesShow this thread -
It requires some targeting and human interaction. Sometimes the ‘mugging’ is just social engineering a mobile phone store after you have been targeted in order to ‘port’ your mobile number to a new SIM. Either way, there’s some work required if the adversary. It can be worth it
1 reply 2 retweets 11 likesShow this thread -
For instance this event apparently used a team of people who spent significant(?) time to slam/port 40 numbers ala social engineering. Leaving likely physical evidence along with digital inference. Maybe worth it for 5M (BTC equiv, ymmv).https://motherboard.vice.com/en_us/article/a3q7mz/hacker-allegedly-stole-millions-bitcoin-sim-swapping …
2 replies 5 retweets 22 likesShow this thread -
Then comes the part tgat everyone is implying in the media, but seemingly nit grasping the significance thereof: direct SS7 messaging. The social engineering / physical aspect of stealing a mobile number is not to be scoffed at. It works. It’s doable at the ‘street-crime’ level,
2 replies 5 retweets 24 likesShow this thread -
And still groups and orgs running major political campaigns fought U2F entirely, as many have, and didn’t even go as far as confirming/enforcing SMS 2fa (previous thread). And yes, I’m saying SMS 2FA is better than no 2FA. But here’s where it gets good/scary, in my opinion.
2 replies 5 retweets 28 likesShow this thread -
It all got really interesting a while back. Local number portability and national number portability. https://en.wikipedia.org/wiki/Local_number_portability … People could keep their numbers, when they moved homes... when they went mobile. Along with a lot of other enhancements to SS7, this was special.
1 reply 3 retweets 21 likesShow this thread -
The thing about SS7[0], which is the protocol for orchestrating and ultimately creating your voice call connections (circuits), is that it was intended to be interfaced with by trusted parties: ILECS (Incumbent Lical Exchange Carriers) and later CLECS (Competitive...)...
2 replies 5 retweets 26 likesShow this thread -
But... CLECS were an inflection point. They were reselling access (SS7) into the walled garden. This later became VoIP providers. The more promiscuous ones running the media gateways that international robo-callers use. Cheaply. They are plentiful, and many have direct SS7...
3 replies 5 retweets 30 likesShow this thread -
Replying to @dotMudge
Allowing last-hop connection at ridiculously low price was a huge mistake. It turned voip into a market for scammers. No legitimate users needed lower than ~2¢/min @ ≥1 minute granularity and ~15¢ @ connection.
1 reply 0 retweets 0 likes
It should be taxed at that rate just to destroy the profitability of scams.
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.