The National Communications Entity (Enacom) determined that mobile phone operators must modify their
current security system
and adopt biometric recognition when changing a new SIM card, in order to avoid cases of identity theft and hacking.
This information was confirmed by the vice president of Enacom, Gustavo López, in response to a request by federal judge María Servini for the regulatory body to adopt the necessary measures to prevent the hacking of cell phones through the method called "SIM Swapping" .
This modality, which has been in force for some time, was allegedly used in the recent hacks suffered by the Buenos Aires Minister of Security and Justice, Marcelo D'Alessandro, and the national deputy of Together for Change (JxC), Diego Santilli.
To carry out this type of attack, the hacker, with a blank SIM card -generally obtained illegally- contacts the operator to report an alleged
theft or loss of the card
SIM Card, SIM card.
The person trying to clone the chip needs the original SIM to stop working, since it is not possible to have the same number activated on two devices simultaneously.
To achieve its goal, it needs the original SIM information to be removed.
The spy uses deception and social engineering techniques to communicate with the service provider company and report an alleged
destruction or loss
of the card.
The problem is that the operators do not usually verify with great rigor the identity and the required data, such as address, birthday, document number or name.
Information that is relatively easy to obtain, especially in the case of public figures.
What emerges from this situation is how easy and simple it is to deceive an operator into agreeing to the request to transfer the account to another SIM card since the previous one was, in theory, no longer used.
Once the duplicate is obtained through SIM Swapping, the attacker only has to insert the card.
Once the company moves the connection data to the brand new chip, the device will be recognized by services and applications as the
bearer of that number
The risk is that the attacker has a free hand to access all the information and data of the victim's account.
From calls to even SMS, you can also activate WhatsApp and other messaging applications by validating the phone number.
From then on, you are in complete control.
In a few steps you can access your bank application and steal your money by making transactions to other accounts.
And although it requires a verification code to do so, the attacker has access to the customer's mobile line, so they just have to copy and paste the code they receive.
Verify through the face
The biometric scanner will be mandatory.
With the new change proposed by the Government, companies are going to have to add new verification steps focused on biometrics.
According to industry estimates, there are some 300,000 complaints per month that reach companies, although the SIM Swapping scam;
Specifically, it represents only
0.05% of computer attacks
By the end of this month, Enacom will publish a resolution with the specifics of the implementation of the biometric system that will cover all cell phone companies.
The telephone companies maintain that the implementation will not be easy.
Above all, because the cheapest lines of cell phones do not include biometric recognition.
It is also not clear if each company will have to use its own database or if Renaper's database will be used.
Ransomware does not stop: 85% of companies were attacked in 2022
A classic returns: how is the new "premium" Walkman from Sony that everyone compares with the iPod