All last year, Princeton academics spent their time testing five major
US telco providers to see if they could trick call center employees into
changing a user’s phone number to another SIM without providing proper
According to the research team, AT&T, T-Mobile, Tracfone, US Mobile, and
Verizon Wireless were found to be using vulnerable procedures with their
customer support centers, procedures that attackers could use to conduct
SIM swapping attacks.
In addition, the research team also looked at 140 online services and
websites and analyzed on which of these attackers could employ a SIM
swap to hijack a user’s account. According to the research team, 17 of
the 140 websites were found to be vulnerable.
To read the complete article see:
Full research here: