Jump to content
Join Sheffield Forum for FREE and join in the discussion! ×
Join Sheffield Forum for FREE and join in the discussion!

Hacker contacted mobile phone provider.

By swarfendor437 in Computer & Tech Chat

Recommended Posts

swarfendor437    14

swarfendor437
Posted

Colleague at work told me of an in-law who is tech savvy lost his mobile number and all contacts via a hacker who contacted his mobile provider (Tesco mobile) stating he was moving his SIM to a new phone. Only alerted to the fact via text from provider saying they were acknowledging his request. By the time he had contacted customer support it was too late and now no mobile! 

Share this post

Link to post
Share on other sites

Happ    25

Happ
Posted

How would the contacts be lost; they are stored on the phone rather than the sim now?

Share this post

Link to post
Share on other sites

ez8004    10

ez8004
Posted (edited)

Seriously, who the hell is stupid enough to keep their contacts on the SIM card nowadays?

 

Also, the victim obviously isn't that tech savvy for picking a mobile provider with such weak user authentication.  There should not be anyway a person is able to impersonate them if they didn't have knowledge of the person in the first place.

Edited by ez8004

Share this post

Link to post
Share on other sites

andysm    17

andysm
Posted (edited)

This sort of mobile account takeover is sometimes used to gain access to text-based 2FA codes in order to allow the attacker to take over more of the victims accounts.

Edited by andysm
Typo

Share this post

Link to post
Share on other sites

swarfendor437    14

swarfendor437
Posted (edited)

Thanks to everyone's responses - as to the mobile provider - is there any weaknesses of O2 network? Also is GiffGaff just as weak as Tesco mobile as it too piggy backs off O2 - So is vodafone or EE more secure - bearing in mind alchresearch's quote from The Register? Perhaps if he had installed Comodo Mobile Security and had anti-theft settings it would locate the new sim with existing phone if he had logged in to Comodo anti-theft locator? That's what I have on mine.

Edited by swarfendor437

Share this post

Link to post
Share on other sites

Ghozer    112

Ghozer
Posted

if the contacts were stored on the SiM, changin SiM's wouldn't erase those contacts, the SiM just would no longer connect to the mobile network, contacts will still be there...

Likely that it was stored on google or iCloud, and the password/account was accessed, and all contacts / details that way...

having hacked an account, they would then have access to all the persons details, enough to call Customer Service, and pass data protection and verification....  and hence move the number to a new SiM!

But loosing contacts, (Unless, like I said above, the account was compromised) would be impossible without local access.... (Unless it was an iPhone, and they got into iCloud / FindMyPhone and used the "erase my phone" option)

Share this post

Link to post
Share on other sites

andysm    17

andysm
Posted

Security depends on the customer service reps, the company procedures and how well trained the CSRs are. I don't know if Tesco Mobile have their own CSRs or use the same ones as O2. GiffGaff support is via the GiffGaff support website, I don't think they have any telephone based support. Mobile account takeovers are usually a human problem rather then a technical one.

Share this post

Link to post
Share on other sites

Ghozer    112

Ghozer
Posted
4 hours ago, andysm said:

Security depends on the customer service reps, the company procedures and how well trained the CSRs are. I don't know if Tesco Mobile have their own CSRs or use the same ones as O2. GiffGaff support is via the GiffGaff support website, I don't think they have any telephone based support. Mobile account takeovers are usually a human problem rather then a technical one.

That may be, but there's also a legal minimum amount of verification needed for Data protection purposes, so regardless - the hacker likely got into some account (social media, icloud, email, anything) and used the details to login to which ever website, or call the CS etc.... there's NO way ANYTHING can be deleted from a phone REMOTELY (other than the iPhone one  i mentioned) without it first being setup to do so.... which would need physical access...

Share this post

Link to post
Share on other sites

swarfendor437    14

swarfendor437
Posted

I've been updated on this situation - will let you know what the outcome is once known, but can't say any more than that at present for various reasons.

Share this post

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Go To Topic Listing


×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.

Close   I accept