A control hacking video. Cloning a phone number

prime

A few months ago there was a video about a hacker and an interviewer showing how easy it is to take over a cell number, and using the cell number to take over that persons accounts. I wish I saved it. Anyone remember this?

AGAlumB

@prime: I remember something like that from a few years ago, but not anything recent. But in my experience it's pretty insecure. Almost anyone working in customer service for a cell phone retailer, not just the actual providers, will have access to port a number to a new device/SIM since that's pretty essential for them to help customers. So being lax about verification, or the information needed to verify being discoverable on the internet, can allow someone to get the number moved to their device. Sometimes you can get cell companies to require a PIN or something to perform operations like these, but that isn't always enforced, as it's really just a matter of policy; and there have been cases where it's been ignored completely, or where social engineering was used to coax customer service staff to assist without proper verification. But often even going through "proper" verification is just a matter of someone getting the last four of your Social Security Number, mother's maiden name, etc. If you're concerned that you might be a target of such an attack, contact your cell provider and see what security measures they offer. I wouldn't be optimistic, but you may be pleasantly surprised. And, if nothing else, their customers letting them know this is a concern may encourage them to tighten security and offer better options in the future.

prime

@brenty it was a video and I remember the guy didn’t believe how easy it was. A female hacker showed him by calling the phone company and having a fake baby cry in the background, it was great. You listed the reasons why I want this exact video :lol:

AGAlumB

@prime: That's the one! It's a few years old, but maybe it made the rounds again recently. Cheers! :)

prime

@brenty yes! That’s the one! Thank you!

AGAlumB

No problem! :chuffed: :+1:

MerryBit

I just watched the video and as scary as the first vishing attack is, it's the second attack that really gets me. The hacker says he stole the victim's 1Password keychain and that's what allowed him to fully impersonate his victim. I realize the hacker was only successful because he was able to lure his victim into installing malware on his computer, but it's still scary as hell that if your 1Password installation is compromised, you are so, so done for.

prime

@MerryBit I tell people all the time, once they have control of your computer, game over. Nothing can save you.

It doesn’t even have to be a password manager. Most people save their login info in the browser also.

AGAlumB

Indeed, if someone has your 1Password data and the Master Password needed to decrypt it, they are, for the purposes of accessing your data, effectively you. Your home may have solid doors, windows, and locks, but if you lose your wallet with your key and drivers license (for the address) inside, whomever finds it can just walk right in. :blush: