In a blog post, security researchers said that many mobile operators aren’t asking the difficult security questions to ensure the caller is the legitimate mobile phone user.
Researchers pointed to a particular Princeton study, where researchers made around 50 attempts across five North American prepaid telecom companies to see if they could successfully port a stolen number (their own) to a SIM card.
The research showed that in most cases a threat actor only needs to answer one question right when questioned by their customer service representative reset the password on the account and port the number over.
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.