Sydney Sweeney’s Verizon Phone Gets SIM Hijacked
from the SSDD dept
For years we’ve talked about the growing threat of SIM hijacking, which involves a criminal covertly porting out your phone number from right underneath your nose (quite often with the help of bribed or conned wireless carrier employees).
Once they have your phone identity, they have access to most of your personal accounts secured by two-factor SMS authentication, opening the door to the theft of social media accounts or the draining of your cryptocurrency account. If you’re really unlucky, the hackers will harass the hell out of you in a bid to extort you even further.
It’s a huge mess, and both the criminal complaints and lawsuits against wireless carriers for not doing more to protect their users have been piling up for several years. And by most accounts it remains a notable problem, something confirmed by the recent SIM hijacking of the Verizon phone belonging to Euphoria and White Lotus star Sydney Sweeney:
“The news provides more context on how hackers may have taken over Sweeney’s Twitter account to boost the value of an obscure cryptocurrency on the same day. The hack also highlights how telecommunications companies continue to be a soft-spot for personal and professional security, even for high profile stars.”
Continued SIM hijacking is particularly problematic given the people and services that still rely heavily on text message two-factor authentication (SMS 2FA). If the underlying verification tech isn’t secure, none of the accounts and services tethered to it are either.
Senators like Ron Wyden have been sending letters to the FCC for years, asking the nation’s top telecom regulator to, you know, do its job. Late last year the FCC voted to craft new rules that were supposed to help fix the problem, but observers noted they were too vague to be of meaningful use.
And they were too vague to be of meaningful use because captured regulators (even the well-intentioned ones) aren’t keen to truly stand up to major, politically powerful wireless providers. So what you often tend to get is a form of regulatory theater that doesn’t always accomplish much. With recent Supreme Court rulings that erode regulatory authority further, it’s not a dysfunction set to improve anytime soon.
Filed Under: 2fa, mobile, privacy, security, sidney sweeney, sim hijacking, sms, two factor authentication, wireless
Companies: verizon


Comments on “Sydney Sweeney’s Verizon Phone Gets SIM Hijacked”
So… everyone should insist that their solutions providers avoid SMS 2FA and move to something more secure like FIDO2, or at least an authenticator app of some sort.
SMS is fine for notifications and initial validation, but it should never be used to prove someone is still who they claim to be.
SIM-Swapping is hard to deal with because it occurs where a user interacts with tech they don’t understand, but also depend on to live.
It would be trivial to prevent it from ever happening again. It’s much harder to prevent it without inadvertently killing and financially ruining people.
I view phone numbers and the way we use them in the modern era in a similar vein to SSNs. Something wholly insecure being used in a way never intended.
So how do you handle 2FA in a way that doesn’t end up ruining some of the slower, less technically inclined, and otherwise less mentally capable folks among us? How do you make sure grandmas can order their meds and teens can readily contact their bumpkin parents, without making something exploitable? Something where they’re not cut off from everything after a house fire, or forgetting to empty their pockets before the wash?
If you want to know where the concern is actually focused, just ask a politician why they refuse to attach any actual fines & penalties to failures to protect the customers.
If there was a large fine & having to face damages in court from the person affected, they might finally decide it makes financial sense to provide even the bare minimum security.
Re:
We got a TikTok moral panic in lieu of privacy legislation. Cui Bono?