An alarming test carried out by Princeton shows that the five largest US carriers fail to properly protect their customers against co-called SIM-swap attacks.
They were able to persuade the carriers to assign phone numbers to new SIMs without successfully answering any of the standard security questions. Once a phone number has been reassigned to a SIM in the possession of an attacker, they can reset passwords even on accounts protected by two-factor authentication (2FA) …
more…
