Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
×
Cellphones Crime

FCC Tightens Telco Rules To Combat SIM-Swapping (securityweek.com) 21

An anonymous reader quotes a report from SecurityWeek: Moving to clamp down on the growing scourge of SIM-swapping and port-out fraud, the Federal Communications Commission (FCC) has unveiled new rules mandating telcos to give consumers greater control of their mobile phone accounts. Under the new rules, wireless carriers are required to notify customers of any SIM transfer requests, a measure designed to thwart fraudulent attempts by cybercriminals. The FCC has also revised its customer proprietary network information and local number portability rules, making it more challenging for scammers to access sensitive subscriber information.

The new protective measures (PDF) are meant to address SIM-swapping and port-out attacks widely documented in cybercriminal attacks against businesses and consumers. The attack technique is used to hijack mobile accounts, change and steal passwords, bypass MFA roadblocks and raid bank accounts. Studies have found that major mobile carriers in the US are vulnerable to SIM-swapping with the Federal Bureau of Investigation (FBI) receiving thousands of consumer complaints every year.

This discussion has been archived. No new comments can be posted.

FCC Tightens Telco Rules To Combat SIM-Swapping

Comments Filter:
  • by xack ( 5304745 ) on Saturday November 18, 2023 @08:12AM (#64014385)
    I know plenty of people forced to buy mobile phones who were happy with their landline because of SMS 2fa. The lie that requiring phone numbers reduces spam is not true due to devices with esims that can store thousands of numbers known as phone farms.
    • by nazsco ( 695026 )
      How will banks deny accounts to poor immigrants if you remove the facade of account protection via mobile phone number?

      > landline

      damn! you are old.
      • by PPH ( 736903 )

        You haven't seen the homeless and immigrants happily pecking away at their cell phones?

        Cell phones are increasingly a sign of the poor and disadvantaged. I used to stop in to a local Starbucks where the Microsoft bigshots also frequented. I don't think I ever saw Steve Ballmer or Bill Gates talking on cell phones. They were always with with a few friends or co-workers talking in person. Cell phones are a sign of being on a short leash in the corporate hierarchy.

      • Can't get a phone plan without a credit card or bank account. Can't get a bank account without a working mobile number. Maybe UOP, Universal Obama Phones, are going to have to happen. Since I doubt industry is going to change their ad hoc security policies.

      • It's not exactly a facade, it does actually work pretty well in Europe because for some weird reason our telcos don't fall prone to sim-swapping.

        Probably because they're held liable if it happens. Who knew, telcos go the extra mile if it affects their own bottom line.

  • Even Valve is rolling out phone 2fa for devs, so you can look forward to your steam games autoupdating with viruses once that gets compromised.
  • by devslash0 ( 4203435 ) on Saturday November 18, 2023 @12:31PM (#64014801)

    It's time we altogether stopped using phone numbers as peoples' digital identities. We've got better, cryptographic, highly-secure solutions now in place that are waiting to replace our dependency on mobile numbers. Someone just needs to make it happen.

  • Boom. Most security problems solved. Yeah yeah a few advanced actors can probably spoof video convincingly. But for the VAST majority of these remote financial crimes, requiring a videoconference would totally prevent. The idea that someone can call up a cell phone carrier and use an audio-only conversation to completely hijack a persons phone, complete with bank account access, is flat-out insane.
  • So far, it seems to me that TOTP is much better for MFA than SMS. It works with any device that has an internet connection, it's almost impervious to SIM-swap attacks, and it doesn't require web site operators to have some kind of cellular service provider to send SMS messages for authentication. Better yet, in some cases the TOTP seed can be shared, which is great for those services that don't have admin-only or billing-only accounts and thus require a fully-licensed account which often ends up being shar
  • by kmoser ( 1469707 ) on Saturday November 18, 2023 @02:40PM (#64015023)
    Mobile company: "We just swapped a SIM card for this customer. For security, let's notify them...with a phone call!"
  • I thought SIM-swapping was like when I moved my sim from my phone to my other phone so when I read this title, I was thinking “damn, we all will be criminals”. Perhaps it should be titled “SIM swap theft” or something.

To the landlord belongs the doorknobs.

Working...