I read this with some fear, some recognition:
My $340k Hack
On Monday, April 4, 2022, a hacker stole $340,000 worth of crypto from my 401k’s Kraken account. Below is a post-mortem in that, hopefully...
falkenblog.blogspot.com
It’s just too easy for a mobile telco employee to port a number to a new SIM. I also resent how banks and other important on-line vendors insist on taking you back to SMS (even after you 2FA with something better). SMS is not a good way to manage security, and just undoes what I had hoped to achieve with real 2FA systems. Everyone’s savings are at risk to this sort of hack. In this case it was crypto, but this could just as easily have gone to a bank, and you’d have only their pattern AI holding the activity, which usually results in…a text message.
Be careful out there. If anyone has a way they think gets around this without becoming a cyber-monk, I’m all ears.
UPDATE: My son, a true cyber-monk: “the attack surface on telcos is just incredible.”