Illegal SIM swaps allow fraudsters to hijack a target’s phone’s number and use it to steal financial data, passwords, cryptocurrencies and other items of value from victims. Nixon said much of her perspective on mobile identity is colored by the lens of her work, which has her identifying some of the biggest criminals involved in hijacking phone numbers via SIM swapping attacks. How exactly did we get to the point where a single, semi-public and occasionally transient data point like a phone number can unlock access to such a large part of our online experience? KrebsOnSecurity spoke about this at length with Allison Nixon, director of security research at New York City-based cyber intelligence firm Flashpoint.
At the same time, when you lose control over a phone number - maybe it’s hijacked by fraudsters, you got separated or divorced, or you were way late on your phone bill payments - whoever inherits that number can then be you in a lot of places online.
They stink because most of us have so much invested in these digits that they’ve become de facto identities.
Phone numbers stink for security and authentication.