Credit to Author: Lorenzo Franceschi-Bicchierai| Date: Thu, 09 Jul 2020 15:31:33 +0000
Verizon has added a new feature in its official mobile app that makes it easier to protect your phone number from hackers.
At the end of June, the company launched a feature called “Number Lock,” which makes it easier for users to enable protection that could potentially stop SIM swapping hacks. Verizon customers can now enable this protection directly from the “My Verizon” app and with just a tap, as Motherboard verified this week.
The feature is essentially “an extra layer of security” and “a freeze” on the number, as a Verizon customer support representative explained. When enabled, if someone impersonates the customer and tries to port out their number, Verizon notifies the customer via text message or email, attempting to verify that it’s really them.
It's not foolproof, however. As the customer support rep said, Verizon employees can override this once the customer verifies themselves—meaning they have the ability to do it anyway if the hacker were to accomplish that. In any case, this does in theory add an extra layer of security and makes it harder to pull off a SIM swapping attack.
Verizon did not respond to a request for comment inquiring about how the feature works, and instead linked us to its official support page.
Do you work at Verizon or another wireless carrier? If you have any tips about SIM swapping or other hacks, using a non-work phone or computer, you can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, OTR chat at firstname.lastname@example.org, or email email@example.com
“Presuming this user-controlled toggle can’t be overridden by a bribed customer service rep or access to a back-end dashboard, this would appear to solve the problem,” Michael Terpin, one of the most well-known victims of SIM swapping who is suing AT&T for damages, told Motherboard. “If so, kudos to Verizon. Hopefully, T-Mobile and AT&T follow their lead.”
Thousands of people across the United States have been victims of SIM swapping hacks, which are also called port out scams—an expression derived from the concept of porting a number from one carrier to another—and SIM hijacking.
These kinds of hacks are aimed at defeating two-factor authentication systems that rely on SMS, and they are relatively easy to pull off. Hackers usually impersonate the target and pretend they need to transfer their number to a new SIM card, or simply bribe telecom employees to achieve the same goal. Once they have control of the phone number, they can use it to reset the victims’ passwords on sensitive accounts like their email, or steal money from their online cryptocurrency wallets.
For years, telecom companies have been struggling to slow down these hacks, and users have been left alone in figuring out ways to protect themselves.
Verizon has historically been one of the hardest targets for SIM swappers. Last year, Motherboard reported that the company’s security procedures already were making it harder for hackers to target their customers, compared to other telecom companies. Making it easier to enable Number Lock will make it even easier for customers to turn on protections that could significantly slow down or even prevent SIM swapping hackers.
A spokesperson for AT&T said that the company has “security measures in place, and continue to add more, to help prevent fraud including SIM swaps and porting.”
“We have recently implemented a new process involving risk assessments and text-message notification for numbers being ported to another carrier,” the spokesperson said in an email.
T-Mobile and Sprint did not respond to a request for comment.
Subscribe to our new cybersecurity podcast, CYBER.
This article originally appeared on VICE US.