
SIM Hacking by Social Engineering with PM

StewartMann
Good Citizen / Bon Citoyen

The boss of Twitter was hacked today, the hacker transferred his phone number to a new number and SIM by social engineering. Basically they phoned his AT&T and had the number transferred.

 

Am I right in thinking that this is impossible to do with PM as we control our own account online?

 

Could a PM store or authorised dealer swap out our number or do they require our PIN?

5 REPLIES

You can submit your phone number for authentication/etc. if you immediately change it, and never advertise it anywhere online except in your PM Self-Serve page.

This might be impossible in practice because Google/Apple/etc. will still collect everything they can from your contacts lists, calendars, browsing, email, and msg contents - once it's on the cloud it can be cached and copied forever. Not to mention all the data (including your phone number) which can be harvested from your contacts' phones.

 

I think the best defense vs hacking is prevention, simply avoid being a juicy target. And only a fool would use a single master key to open everything he keeps secured. Maybe Twitter only suffered from minor embarrassment for a day because of preemptive damage containment, or maybe they lost a billion dollars because they're dumb/lazy enough to deserve it.

 

Of course PM/Telus could get hacked - Twitter CEO and AT&T got hacked, even Google gets hacked.

Haiggy
Model Citizen / Citoyen Modèle

@mimmo wrote:

@StewartMann since porting requires the name on account exactly, then make a slight change in your name. This will help prevent people from porting your number, assuming they don't have access to selfserve.


When done correctly, Public Mobile is probably safer than those with call centers because there's zero chance someone would be calling someone pretending to be you / use other social engineering techniques to trick a call center agent (which doesn't exist with PM) into providing such information as account #'s and SIM details required for porting away as everything is done online on this forum instead. Public Mobile (and other prepaid services) also don't do credit checks, so feel free to make up any name you want. When done correctly, you'd be pretty safe from attacks of this sort with PM.

 

Recovering from one may be difficult and slow due to the moderators' response time, I agree. Best thing to do is use authenticator apps vs SMS for protection.

mimmo
Retired Oracle / Oracle Retraité

@StewartMann since porting requires the name on account exactly, then make a slight change in your name. This will help prevent people from porting your number, assuming they don't have access to selfserve.

cavemantoronto
Mayor / Maire

@StewartMann wrote:

The boss of Twitter was hacked today, the hacker transferred his phone number to a new number and SIM by social engineering. Basically they phoned his AT&T and had the number transferred.

 

Am I right in thinking that this is impossible to do with PM as we control our own account online?

 

Could a PM store or authorised dealer swap out our number or do they require our PIN?


Doubtful. They aren't there for technical support so no reason for them to have access.

GinYVR
Mayor / Maire

@StewartMann It is very easy to perform SIM jacking at Public Mobile, especially because the moderators take a while to respond to a crisis.

 

It is a problem with the porting system between carriers. You only need the phone number, and a combination of the following: Account # / PIN or IMEI. In order not to make the porting system a long process, every carrier in Canada has to agree on a more secure method for porting.

 

The easiest way to be secure (besides good internet hygiene?)? Don't use your phone number as an authentication device, have a spare phone just in case.
