I was reading an article on password security today and saw a discussion in the comments about hackers bypassing 2FA with what a user described as a “simple” SIM replica. I have friends that work in data security so this isn’t the first I’ve heard of this but I feel like either this is the phenomenon where professionals in an industry understate part of a task (ie. Any “5 minute life hack” video involving 3 or more power tools.) or that there must already be some other system compromise that enables the hacker to -also- acquire whatever is needed to duplicate your SIM card.
In: 9
The hackers, having identified a high value target and acquiring a lot of knowledge about that person, go to a phone shop and say their phone has been lost or stolen and need to buy a new one, or some such other ruse.
The person in the shop them issues a new SIM or even a whole new phone and blocks the old one. Upshot is that the hacker ends up being able to receive calls and messages as if they were got, circumventing the 2FA security many organisations use.
Latest Answers