The National Communications Authority (Enacom) has established that mobile phone operators must change their current security system and adopt biometric recognition when changing a new SIM card, in order to avoid cases of identity theft and hacking.
This information was confirmed by the vice president of Enacom, Gustavo López, in response to a request by federal judge María Servini for the regulatory body to take the necessary measures to prevent the hacking of mobile phones through the method called “SIM Swapping” .
This modality, which has been in force for some time, was apparently used in the recent attacks suffered by the Minister of Security and Justice of Buenos Aires, Marcelo D’Alessandro, and by the national deputy of Together for Change (JxC), Diego Santilli.
To carry out this type of attack, the hacker, with an empty SIM – generally obtained illegally – contacts the operator to report an alleged stolen or lost card.
The person trying to clone the chip needs the original SIM to stop working, as it is not possible to have the same number activated on two devices at the same time.
To achieve its goal, the original SIM information must be removed. The spy uses deception and social engineering techniques to communicate with the service provider company and report an alleged destruction or loss some paper.
The problem is that the operators usually do not verify identity and the required data, such as address, date of birth, document number or name, with great rigor. Relatively easy information to obtain, especially in the case of public figures.
What emerges from this situation is how easy and simple it is to trick an operator into agreeing to the request to transfer the account to another SIM since the previous one, in theory, was no longer used.
Once the duplicate has been obtained via SIM Swapping, the attacker only has to insert the card. Once the company moves the connection data to the brand new chip, the device will be recognized by services and applications such as the bearer of that number.
The risk is that the attacker has a free hand to access all information and account data of the victim. From calls to SMS, you can also activate WhatsApp and other messaging applications by validating the phone number.
From then on, you are in complete control. In just a few steps you can access your banking application and steal your money by transacting on other accounts. And while a verification code is required to do so, the attacker has access to the customer’s mobile line, so he only needs to copy and paste the code he receives.
Check through the face
With the new change proposed by the government, companies will have to add new verification steps focused on biometrics. According to industry estimates, there are around 300,000 complaints a month reaching companies, despite the SIM Swapping scam; In particular, it only represents the 0.05% of attacks IT
By the end of this month, Enacom will publish a resolution with the specifics of the implementation of the biometric system which will concern all mobile telephone companies.
Phone companies say the implementation won’t be easy. Especially since the cheapest cell phone lines do not provide biometric recognition. It’s also unclear whether each company will need to use their own database or if Renaper’s database will be used.
Source: Clarin
Linda Price is a tech expert at News Rebeat. With a deep understanding of the latest developments in the world of technology and a passion for innovation, Linda provides insightful and informative coverage of the cutting-edge advancements shaping our world.