Tweet
Simswap attacks has increased in recent years, with several high-profile cases in the media showing very fast & effective ways of duping people or getting access to valuable accounts . All the way back in 2006 Paris Hilton got accused of hacking into the voicemail of Lindsay Lohan, while similar scandals has been observed since then in other countries as well.
Asking around in my home country of Norway, neither simswap attacks or voicemail hacking seemed to be known among most infosec people, or at least not part of anyone's risk analysis. So I decided to take a closer look.
The results were shocking at many levels, from technical levels to political decisions & apathy. Several million customers of 3 different carriers in 3 countries were exposed to potential voicemail hacking for up to 13 years. A fake business card was enough to do a simswap & hijack the number of a famous female blogger, while credential stuffing against a mobile carrier allowed for account hijacking of women who used SMS 2FA with their accounts at various services.
This talk will explain what I found, what I did, and how it changed carriers, government agencies, politics & law.
Speaker(s): Per Thorsheim
Location: Crypto & Privacy Vlg
Discord: https://discord.com/channels/7082082...34002011832320
Event starts: 2020-08-08 14:00 (02:00 PM) PDT (UTC -07:00)
Event ends: 2020-08-08 15:00 (03:00 PM) PDT (UTC -07:00)
For the most up-to-date information, please either visit https://info.defcon.org, or use HackerTracker, which is available for iOS and Android. This is an automated message, and this data was last modified 2020-07-30T05:23 (UTC).
Asking around in my home country of Norway, neither simswap attacks or voicemail hacking seemed to be known among most infosec people, or at least not part of anyone's risk analysis. So I decided to take a closer look.
The results were shocking at many levels, from technical levels to political decisions & apathy. Several million customers of 3 different carriers in 3 countries were exposed to potential voicemail hacking for up to 13 years. A fake business card was enough to do a simswap & hijack the number of a famous female blogger, while credential stuffing against a mobile carrier allowed for account hijacking of women who used SMS 2FA with their accounts at various services.
This talk will explain what I found, what I did, and how it changed carriers, government agencies, politics & law.
Speaker(s): Per Thorsheim
Location: Crypto & Privacy Vlg
Discord: https://discord.com/channels/7082082...34002011832320
Event starts: 2020-08-08 14:00 (02:00 PM) PDT (UTC -07:00)
Event ends: 2020-08-08 15:00 (03:00 PM) PDT (UTC -07:00)
For the most up-to-date information, please either visit https://info.defcon.org, or use HackerTracker, which is available for iOS and Android. This is an automated message, and this data was last modified 2020-07-30T05:23 (UTC).