Academic research finds five US telcos vulnerable to SIM swapping attacks

Researchers find that 17 of 140 major online services are vulnerable to SIM swapping attacks.

A Princeton University academic study published yesterday found that five major US prepaid wireless carriers are vulnerable to SIM swapping attacks.

A SIM swap is when an attacker calls a mobile provider and tricks the telco’s staff into changing a victim’s phone number to an attacker-controlled SIM card.

This allows the attacker to reset passwords and gain access to sensitive online accounts, like email inboxes, e-banking portals, or cryptocurrency trading systems.

All last year, Princeton academics spent their time testing five major US telco providers to see if they could trick call center employees into changing a user’s phone number to another SIM without providing proper credentials.

According to the research team, AT&T, T-Mobile, Tracfone, US Mobile, and Verizon Wireless were found to be using vulnerable procedures with their customer support centers, procedures that attackers could use to conduct SIM swapping attacks.