Home  ›  News  ›

AT&T, T-Mobile Customer PINs Left Exposed by Security Flaws

Article Comments  

Aug 25, 2018, 9:26 AM   by Eric M. Zeman   @zeman_e

Two different security flaws affecting the customers of AT&T and T-Mobile were revealed this week. The security gaps could have given hackers access to customer account PINs, which would in turn allow them to potentially hijack the customers' SIM cards. AT&T customers were left vulnerable by the insurance provider Asurion. When initiating claims through Asurion's web site, hackers could have gleaned PINs through a form that failed to have a limit on attempts to enter the PIN correctly. This opened the door for brute-force attacks. T-Mobile customers were left vulnerable by the Apple Store app on iPhones. The issue left an opening on a web page that bridged the Apple Store with T-Mobile's account verification system. Similar to the Asurion issue, the Apple Store didn't place a limit on the number of attempts for PIN entry. This also permitted a brute-force attack to guess the number. Both Asurion and Apple resolved the lapses after they were brought to their attention. The T-Mobile vulnerability left some 77 million customers exposed. The number of customers impacted at AT&T is not known. SIM hijacking allows hackers to essentially copy the identity of a legit phone that can then be used to verify identify in apps and services that used SMS-based two-factor authentication.

BuzzFeed News »

more news about:

AT&T
T-Mobile
Apple
iOS
 

AD

Comments

This forum is closed.

This forum is closed.

No messages

 
 
Page  1  of 1

Subscribe to news & reviews with RSS Follow @phonescoop on Twitter Phone Scoop on Facebook Subscribe to Phone Scoop on YouTube Follow on Instagram

 

All content Copyright 2001-2019 Phone Factor, LLC. All Rights Reserved.
Content on this site may not be copied or republished without formal permission.