If someone wants to steal your phone number — say, to intercept the two-factor authentication SMSes needed to break into your bank account or other vital service — they hijack your SIM by impersonating you to your phone company (or by bribing someone at the company to reassign your phone number to them). This has made the security of phone numbers a top concern for security experts and telecoms companies, as there are millions of dollars at stake.
Enter Comcast, all-time champion "most-hated company in America," whose Xfinity Mobile cellular service assigns the same unchangeable PIN to every customer: 0000.
But don't worry, Comcast says that this only puts you at risk if you recycle user-names and passwords, and nobody does that.
Because of that 0000 PIN, getting a victim's Xfinity Mobile account number was the main obstacle for attackers. A Comcast spokesperson told Ars that this account number is available only by logging into the Xfinity Mobile Web portal and is therefore protected by a Comcast user's password. Comcast told Ars that it does not send out paper bills for Xfinity Mobile and does not include that account number in emails to customers, cutting off two potential ways that attackers could get the account number.
Comcast indicated that the number-porting attack affected only customers who reused passwords across multiple sites.
Comcast set mobile pins to "0000," helping attackers steal phone numbers [Jon Brodkin/Ars Technica]
(Image: Specious, CC-BY-SA)