Once you have a Google account you could look at location history, emails, pictures etc. For those this article is intended, I hope you know the level of access an email account can bring.
Other motivators for this attack could be: I wanted to Identify what networks were like dealing with the PAC issue procedure for their customers and I started working on some research.
So feel free to read the Vice Post inspired by this research instead.
In fact, let’s first cover porting a number over without the fraud.
I knew it was a little bold, but I decided to carry on with it, mitigating the concerns I had with legality and ethics with some minor tweaks to the original plan.
The assessment was far from scientific and it wasn’t repeated 50 times to get any kind of meaningful statistics – it was to serve as a proof of concept, after hearing a lot about Sim Swap Fraud in 2015 I had wondered if this was media hype or was this actually still a concern.
The reports from victims are distressing, people’s lives have been uprooted in a second and the impact doesn’t stop with a phone issue.The OS uses the default value as the display name for the SIM or SPN in the Start screen and other parts of the UI including the SIM settings screen.For dual SIM phones that contain SIMs from the same mobile operator, the names that appear in the UI may be similar.I would then provide them with the minimum amount of information requested to obtain a PAC number, in places where the call handler requested poor information for validation such as ‘last top up amount’ incorrect answers were given in order to really push what a malicious caller could get away with.The results are what they are, please don’t make a judgement on a whole phone network based on this post alone, but I hope it gives a certain transparency to key areas of improvement within these household name brands.I navigated the menus until finding the customer retention/sorry you are leaving us extension. A few minutes later an operator called back and took my details.