Sim swapping is the technique by which an attacker activates a sim with the same line number as the victim, stealing the phone for a period of time that allows him to access all key and access recoverieswhich are guaranteed by the logic of charging the double authentication factors and security token as SMS against the line in question.
Either through deception of the telephone company that provides said line, impersonating the victim or with internal agents in these companies that expedite this deception, Sim Swapping seems to hit politics particularly in our country.
Marcelo D’alessandro, Diego Santilli and Cynthia Hotton were victims of this action in a short time.
How does Sim Swapping work?
To be more clear: they call the telephone provider of the line, they impersonate you and ask to replace the SIM because you bought another phone or lost it. The telephone company does a security procedure, which is almost entirely based on personal questions and asks you to pick up the replacement sim at a brand house or they send it somewhere.
Once the attacker inserts the sim into his phone, he kills the victim’s line, as it two phones with the same number cannot coexist in the network. Unfortunately, the victim takes time to realize that he has lost his line because he continues to receive emails and messages (because he is connected to WiFi).
Clearly, the victim is not “hacked” but the telephone company with social engineering. Regardless of who pays for this hack, the responsibility lies entirely with the telephone companies. And nothing could be done by the victim to prevent this attack.
The Sim Swappin consists of cloning a SIM card to steal the victim’s telephone line.
Although it is a rare crime, it has been growing and has always been aimed at fraud through access to bank accounts. With a clear purpose: the victim’s money. In these mentioned cases, money was not the mobilizing factor, but access to information.
Sim Swapping requires the attacker to know the victim, Google it and know who it is, since they have to answer security questions. Therefore they are not random acts but well thought out with clear and precise objectives.
On the other hand, the telephone companies (absolutely responsible) base their entire operation on the paradigm of “private information”clearly broken some time ago. What is this paradigm about? to ask private data that only the person could know.
For example: Just 10 years ago, who could know your document, your address, your date of birth more than you? Today these data are public or are bought for a few hundred pesos from companies like Veraz or Nosis.
Clearly the paradigm of the question and answer about private information It was a good method in the past that, by not evolving it, the telephone companies sentenced their users to be victims of this scourge.
With that being said, why has Sim Swapping become the rabid toy of services?
In our country, the legal intervention of a telephone by the justice system only shows the incoming and outgoing numbers of the investigated telephone, the duration of the calls, the position of the antennas and only the content of the call made by the telephone line. In my case, I haven’t talked to anyone on the phone for at least 6 months.
Public organizations, politicians and journalists have suffered attempts to steal private data in recent months.
In the 90s, the justice system based most of its investigations on wiretaps, which were also often leaked to the press, depending on the case, since the Internet was more than incipient.
If it is not legal, the services can resort to software such as Pegasus from the Israeli firm NSO, which sells systems to digitally tap phones, that is, hack them and access all their information, including messaging and sound in real time. This software can only be purchased by government forces and is classified as military equipment. Therefore, the use of these software by the left leaves many traces, since it interacts with a provider and the cost to access a single number is around hundreds of thousands of dollars.
Therefore, listening to a phone line is judicially in vain and accessing all the juicy data on the phone can only be done by hacking it, using Israeli software leaving your fingers stuck and paying a fortune or… SIMSWAPPING: which only requires a phone company insider or a skilled social engineer capable of impersonating the victim
Clearly there is not much to think about to choose the cost benefit of each option.
Telegram or WhatsApp: which is more secure?
Telegram achieved its fame, since it was the first of the messaging applications that incorporated the ability to destroy messages from both the sender and receiver daily, weekly or at a defined time. But Telegram has something really wrong, it stores all messages on its servers, therefore improper access to the victim’s account guarantees access to all message information. And if the victim never activates the self-destruct or delete messages, it leaves the history served to the attacker.
When a message is sent in this application from one phone to another, it stays on the phone of the sender and the receiver, but there is no history saved on the central WhatsApp servers. Therefore, for an attacker to access a person’s WhatsApp, they do not have access to the entire history of their communications.
In Telegram, it is essential to activate the “temporary messages” option.
Sim Swapping: how do I protect my mail, Telegram and WhatsApp?
First of all, think that if you use Telegram it is only for the ability to automatically destroy messages after a while, if you did not activate this option, Telegram will work against you in the event of an incident.
In Telegram – go to Settings – Privacy and Security – Auto delete messages and define the length of time that messages remain alive.
Open Telegram again and go to Settings – Privacy and Security – Two-Step Verification and activate it.
On WhatsApp: Activate two-step verification in: Settings – Two-step verification and activate it.
Once you send a Whatsapp message to another phone and you have 60 hours to delete it from your phone and the receiver. After that time you no longer have the possibility of deleting that message on the recipient’s device.
