How do hackers bypass 2FA systems for passwords by “replicating” your SIM card?

I was reading an article on password security today and saw a discussion in the comments about hackers bypassing 2FA with what a user described as a “simple” SIM replica. I have friends that work in data security, so this isn’t the first I’ve heard of this, but I feel like either this is the phenomenon where professionals in an industry understate part of a task (i.e., any “5 minute life hack” video involving 3 or more power tools) or that there must already be some other system compromise that enables the hacker to -also- acquire whatever is needed to duplicate your SIM card.

6 Answers

Anonymous

You’re correct. To duplicate your SIM they either need physical access to your SIM or they need to get access to (or from) your provider who (since SIM authentication is symmetric key based)

Of course, SMS is unencrypted, so if they are proximate to you, they might just use passive monitoring to intercept the 2FA code and act before you do to compromise the account.
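The answer's point that SIM authentication is symmetric-key based, as an added illustration that is not part of the original answer: the same secret sits in the card and in the provider's subscriber database, so the network accepts whichever card holds that key. HMAC-SHA256 stands in for the operator's real algorithm, and the class names, function names and IMSI are assumptions made for the example.

```python
import hashlib
import hmac
import secrets


def sim_response(ki: bytes, rand: bytes) -> bytes:
    # Assumption: HMAC-SHA256 is a stand-in for the operator-chosen algorithm.
    return hmac.new(ki, rand, hashlib.sha256).digest()[:8]


class Card:
    """SIM side: holds the subscriber key and answers challenges with it."""

    def __init__(self, ki: bytes):
        self._ki = ki

    def respond(self, rand: bytes) -> bytes:
        return sim_response(self._ki, rand)


class Network:
    """Provider side: keeps its own copy of every subscriber key."""

    def __init__(self):
        self.subscriber_keys = {}  # IMSI -> key

    def provision(self, imsi: str) -> bytes:
        ki = secrets.token_bytes(16)
        self.subscriber_keys[imsi] = ki
        return ki  # the copy that is written into the card

    def authenticate(self, imsi: str, card: Card) -> bool:
        rand = secrets.token_bytes(16)  # fresh challenge per attempt
        expected = sim_response(self.subscriber_keys[imsi], rand)
        return hmac.compare_digest(expected, card.respond(rand))


def demo() -> dict:
    net = Network()
    imsi = "001010000000001"  # constructed test-network IMSI
    ki = net.provision(imsi)
    return {
        "genuine": net.authenticate(imsi, Card(ki)),
        # Any card holding the same key is indistinguishable to the network.
        "same_key_copy": net.authenticate(imsi, Card(ki)),
        # Without the key, the challenge cannot be answered.
        "different_key": net.authenticate(imsi, Card(secrets.token_bytes(16))),
    }


if __name__ == "__main__":
    print(demo())
```

The key never crosses the air interface in this exchange, which is why the card itself and the provider's key store are the two places that need protecting.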