Post Friends My journal
dartwalker

​Run away from MTS: the mobile operator is vulnerable to SIM swapping, the millionaire blogger repor

Aug 01, 2022 12:01







SIM-swapping (substitution of a SIM card) is a terrible word for any modern person. Imagine that one morning you wake up and discover that the banking application, social networks and accounts on major cryptocurrency exchanges linked to a mobile phone number are no longer yours. A complete stranger got access to them, and you can only watch your money disappear. Scared? Alas, it is possible.

A SIM card in Russia can only be obtained in person by presenting a passport, so it is almost impossible to steal a phone number at all, the layman believes. Well, except by taking possession of another person's smartphone for a short time. That's right, but not quite.

Popular ticktocker and video bloggerVadim Spiridenkov (Wild Vadik) with an audience of more than 10 million subscribers became a victim of SIM-swapping in February of this year. We decided to tell his instructive story so that no one would have any misconceptions - SIM swapping is also possible in Russia, and you can lose a lot if you don't protect your accounts in time.

What happened

In early February, Vadim suddenly lost access to his social media accounts. They were united by the lack of two-factor authentication and registration to the same mobile phone number. Since accounts are his working tools, the blogger found himself in a difficult position.

It quickly became clear that the attacker had used the procedure of remote reissue of the SIM card of the MTS mobile operator. After activating the new SIM, he easily chose a convenient time (early morning, when everyone was asleep), logged into social networks, changed passwords and took sole possession of Instagram* and Tick-Tok accounts. The tick-Tok account was returned on the same day and the loss was only $ 1000 (the fraudster was able to withdraw them to his card). And the Instagram account returned to its rightful owner only the other day and by some miracle.

Vadim outlined his sad story with a good ending in a video.

How is this technically possible?

The fraudster had a scan of the victim's passport. It is important. When contacting the MTS contact center with a request to reissue the SIM card, it is necessary to introduce yourself, provide the passport data of the subscriber and the address to which you need to bring the SIM card. The SIM reissue procedure is free for subscribers.

And there should be a weak link. Both the Russian Post employee and the MTS courier are required to make sure that the card is received by the bearer of the passport for which the SIM card was registered. An attacker can use a fake document or present a fake power of attorney from the passport holder and, accordingly, a SIM. And he can also somehow persuade a courier or an employee of the Russian Post to issue a shipment without presenting documents.

An interesting detail: the MTS operator, accepting an application for the reissue of the video blogger's card, asked the caller what the last dialed numbers were. The fraudster called the blogger's brother's number, as he knew him personally and assumed that the blogger often talks to his brother.

Another interesting detail is that at the time of making the call, the blogger was using his number as if nothing had happened - that is, he was online, thousands of kilometers away from the fraudster, paying bills and making calls. But this discrepancy did not interest the mobile operator.

Who is to blame

The culprit, of course, is the attacker - he turned out to be the former manager of a popular blogger who took possession of a passport scan legally as a result of cooperation. Knowing some of the facts of Vadim Spiridenkov's life was only to his advantage. However, one most important question remains: what is the role of the mobile operator in all this? The investigation will deal with this. However, the blogger is sure that MTS has serious problems and you should not trust him.

Vadim warns his subscribers in another video:

Guys, I'm telling you seriously. Do not buy MTS numbers and do not keep your accounts on MTS numbers. Because MTS has obvious problems.

How can this be avoided?

You must always enable two-factor authentication on all important accounts. And use special applications for it. Two-factor authentication protects much better than a regular password. Applications generate a verification code that is linked not to the phone number, but to the device itself. And if you have it in your hands, you are reliably protected.

Spiridenkov's case shows that MTS has a vulnerability to SIM swapping, and until this security problem is fixed, you should consider changing your mobile operator. Especially if you have something to lose.

https://coin-signal.com/cryptonews/run-away-from-mts-the-mobile-operator-is-vulnerable-to-sim-swapping-the-millionaire-blogger-reported/
#Away, #Blogger, #Cryptonews, #Millionaire, #Mobile, #Mts, #Operator, #Reported, #Run, #Sim, #Swapping, #Vulnerable
#CryptoNews

#mobile, #millionaire, sim, vulnerable, #swapping, millionaire, swapping, #reported, #vulnerable, #cryptonews, #blogger, #mts, #operator, operator, mts:, #away, reported, run, cryptonews, #run, away, blogger, #sim, mobile

Leave a comment

Previous post Next post
Up
Homepage Read journal... Full version Help Русская версия
© 1999-2025 LiveJournal, Inc.