On Wed, Dec 18, 2013 at 6:12 PM, David Lochrin <[email protected]> wrote:
> > Trouble with mobile phone/SMS is that it relies on the phone number, > still being in the correct hands. There have been several articles about > prepared thieves using mobile number portability to move the target's > number to a device in their own hands - and then the SMS falls in the wrong > hands as well. > > That's interesting... do you have a reference? > I don't have any public references, but it's definitely happening - although rather than using mobile number portability it's normally done with a more basic "SIM swap" as you'd do if you lost your phone, had a SIM card fail, etc. At this stage it's generally a fairly small problem in most countries, however in some countries it's a major problem - especially where corruption is more of an problem as the criminals will simply pay off someone from a phone shop to carry out the swap or to hand over their username/password to the (Internet based!) systems for doing the swap. For example, in South Africa it's a big enough of a problem that some of the banks are working with the telcos to allow them to query the telco to determine if a SIM swap has been carried out in the last 24 hours, and if it has then they will block the transfer/authentication. Obviously this has false positives (buy a new phone and you can't use internet banking for 24 hours), but it's deemed acceptable. Scott _______________________________________________ Link mailing list [email protected] http://mailman.anu.edu.au/mailman/listinfo/link
