Some T-Mobile customers have recently been the victims of a Subscriber Identity Module (SIM) swapping attack. The mobile communications brand confirmed earlier reports about this issue on December 28, 2022, saying that the SIM cards assigned to these customers’ mobile numbers may have been illegally reassigned, allowing attackers to view a limited amount of account information.
A T-Mobile spokesperson told BleepingComputer that the unauthorized swapping of SIMs is becoming an increasingly common occurrence throughout the mobile communications industry. The spokesperson added that T-Mobile quickly corrected the problem by using existing safeguards as well as several new protective measures. T-Mobile has so far declined to provide details on the specific number of customers who were affected or the method that the attackers used to exchange SIM cards.
SIM Swapping
SIM swapping, also called SIM hijacking, is the act of reassigning a mobile phone number from its current SIM card to a card controlled by attackers. This process generally requires the cooperation of a carrier’s employees, typically obtained through bribery or trickery. The attackers can then use their victims’ phone numbers for various purposes, such as bypassing multi-factor authentication (MFA) that relies on the Short Message Service (SMS) used by mobile phones. This technique allows attackers to change the passwords on their victims’ bank accounts and to steal money and personal information.
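Because a swapped SIM receives the victim’s SMS one-time codes, a service that relies on SMS MFA can reduce the risk by treating a recent SIM change as a signal. The check below is an added illustration, not T-Mobile’s or any carrier’s code: it assumes a hypothetical account event feed containing “sim_change” and “sms_otp” events (the sample events are constructed) and flags any SMS code sent within a cooldown window after the number’s SIM changed, so the service can step up to a stronger factor or hold the request.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List, Tuple

@dataclass(frozen=True)
class Event:
    ts: datetime        # when the event occurred
    account: str        # hypothetical account identifier
    kind: str           # "sim_change" or "sms_otp"

# Constructed sample feed (hypothetical; not data from the article).
SAMPLE_EVENTS: List[Event] = [
    Event(datetime(2022, 12, 20, 10, 0), "acct-A", "sim_change"),
    Event(datetime(2022, 12, 20, 10, 35), "acct-A", "sms_otp"),   # 35 min after swap
    Event(datetime(2022, 12, 20, 11, 0), "acct-B", "sms_otp"),    # no SIM change on record
    Event(datetime(2022, 12, 10, 9, 0), "acct-C", "sim_change"),
    Event(datetime(2022, 12, 20, 12, 0), "acct-C", "sms_otp"),    # 10 days later
    Event(datetime(2022, 12, 23, 10, 0), "acct-A", "sms_otp"),    # 72 h later
]

# How long after a SIM change an SMS code is considered risky (assumed value).
SIM_CHANGE_COOLDOWN = timedelta(hours=48)

def flag_post_swap_otps(events: List[Event],
                        cooldown: timedelta = SIM_CHANGE_COOLDOWN
                        ) -> List[Tuple[str, datetime, timedelta]]:
    """Return (account, otp_time, time_since_sim_change) for every SMS OTP
    delivered within `cooldown` of the most recent SIM change on that account.

    Events are processed in time order so only SIM changes that happened
    *before* the OTP count; a later SIM change never retroactively flags it.
    """
    last_sim_change: Dict[str, datetime] = {}
    flagged: List[Tuple[str, datetime, timedelta]] = []
    for ev in sorted(events, key=lambda e: e.ts):
        if ev.kind == "sim_change":
            last_sim_change[ev.account] = ev.ts
        elif ev.kind == "sms_otp":
            changed_at = last_sim_change.get(ev.account)
            if changed_at is not None and ev.ts - changed_at <= cooldown:
                flagged.append((ev.account, ev.ts, ev.ts - changed_at))
    return flagged

if __name__ == "__main__":
    for account, ts, delta in flag_post_swap_otps(SAMPLE_EVENTS):
        print(f"{account}: SMS code at {ts} only {delta} after SIM change; step up auth")
```

The same rule can be applied at the relying party (for example a bank) if the carrier exposes a SIM-change timestamp, or at the carrier before delivering verification messages.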
Prevention
T-Mobile has advised customers to watch for suspicious text or email messages purporting to be from T-Mobile. Customers shouldn’t click on any links in these messages, as they could be phishing attempts to harvest credentials. The company also reset the PINs for affected accounts to randomly generated numbers. Furthermore, the FBI has provided its own guidelines for protection against SIM swapping after a flurry of these attacks against cryptocurrency users.
T-Mobile has provided its customers with additional information on this latest cyber attack. The information that the attackers were able to access won’t allow them to gain control of a customer’s phone service through fraudulent SIM swaps or number ports. However, the company does recommend updating PINs and passcodes regularly as a good practice. T-Mobile also provides general information on protecting T-Mobile accounts on this support page.
Account Takeover Protection
Account Takeover Protection is a service T-Mobile offers to provide customers with the highest level of protection from unauthorized ports. This feature blocks unauthorized users from transferring a customer’s lines to another wireless carrier, thus ensuring that only customers can use their own numbers. Customers must add Account Takeover Protection to each line on the account individually. Furthermore, the party responsible for billing on the account must contact T-Mobile personally to turn off this feature.
Previous Breaches
T-Mobile has also been the victim of at least six other cyber attacks since 2018, including a similar incident in February 2021 that involved attackers attempting to swap the SIMs of up to 400 customers by using an internal T-Mobile application.
Additional breaches include hackers accessing data on millions of customers in 2018 and gaining access to the email accounts of T-Mobile’s own employees in 2019. In another attack during December 2020, hackers accessed proprietary customer data that included call records and phone numbers. Most recently, attackers gained access to T-Mobile testing environments in August 2021, then used brute force to penetrate its network. T-Mobile also inadvertently exposed data of its prepaid customers in 2019.
T-Mobile flickr photo by JeepersMedia shared under a Creative Commons (BY) license