Flash Talk: SIM Swapping and Rethinking Identity
The term SIM swapping has historically referred to phone number takeover using a variety of different methods. Malicious actors are hijacking and transferring phone numbers to devices under their control at an alarming rate. These recent SIM swapping cases and high-value fraud situations have highlighted weaknesses in the current procedures leveraged by companies to verify customer accounts. Attackers have proven that ownership of phone numbers is not reliable.
The methods used to successfully take over an account have included password reuse, social engineering of customer service professionals, and using leaked personal information (such as SSNs) to authenticate access to and subsequently modify an account. Director of Security Research Allison Nixon will discuss some of these techniques used by attackers to successfully authenticate individuals, and why we may need to abandon the old methods.
*This Flash Talk was recorded on Tuesday, October 16, 2018.