For years we’ve talked about the growing threat of SIM hijacking, which involves a criminal covertly porting out your phone number from right underneath your nose (quite often with the help of bribed or conned wireless carrier employees).
Once they have your phone identity, they have access to most of your personal accounts secured by two-factor SMS authentication, opening the door to the theft of social media accounts or the draining of your cryptocurrency account. If you’re really unlucky, the hackers will harass the hell out of you in a bid to extort you even further.
It’s a huge mess, and the both the criminal complaints and lawsuits against wireless carriers for not doing more to protect their users have been piling up for several years. And by most accounts it remains a notable problem, something confirmed by the recent SIM hijacking of the Verizon phone belonging to Euphoria and White Lotus star Sydney Sweeney:
“The news provides more context on how hackers may have taken over Sweeney’s Twitter account to boost the value of an obscure cryptocurrency on the same day. The hack also highlights how telecommunications companies continue to be a soft-spot for personal and professional security, even for high profile stars.”
Continued problems related to SIM hijacking are particularly problematic given the people and services that still rely heavily on text message two-factor authentication (SMS 2FA). If the underlying verifying tech isn’t secure, all the accounts and services tethered to it aren’t either.
Senators like Ron Wyden have been sending letters to the FCC for years, asking the nation’s top telecom regulator to, you know, do its job. Late last year the FCC voted to craft new rules that were supposed to help fix the problem, but observers noted they were too vague to be of meaningful use.
And they were too vague to be of meaningful use because captured regulators (even the well intentioned ones) aren’t keen to truly stand up to major, politically powerful wireless providers. So what you often tend to get is a form of regulatory theater that doesn’t always accomplish much. With recent Supreme Court rulings that erode regulatory authority further, it’s not a dysfunction set to improve anytime soon.
