- Wireless Account Lock is now available for AT&T consumer and business users alike
- Free feature that can be toggled in the myAT&T app
- The feature prevents SIM-swapping and similar attacks
AT&T has introduced a new feature to protect consumer and business accounts from SIM-swapping attacks.
Wireless Account Lock will be able to disable several key account changes, a key part of SIM-swapping, which can give attackers control of a victim’s phone number and lets them intercept SMS-based two-factor authentication app codes.
“The lock forces an extra step before important account changes can be made,” AT&T said of the new tool. “It prevents anyone from buying a device on the account, for example, or conducting a SIM swap – moving a phone number to a SIM in a different device.”
Malicious insiders and tricked employees
The feature is now available in the myAT&T app for postpaid consumer wireless accounts. There, users can toggle it on or off, adding an extra step before they can upgrade a device, change a SIM or an eSIM card, initiate a phone number transfer, add a new line, change billing information, change authorized users, or change phone numbers.
For business users, there is the Business Account Lock and an AT&T Prepaid wireless account lock with similar functions. For businesses, account admins can find the lock switch wherever they access the account online.
Adversaries typically pull off SIM swapping attacks by tricking or bribing mobile carrier employees, or using stolen personal data to impersonate the victim and convince the carrier to transfer the number to a SIM card they control.
Once successful, the attacker can reset passwords and take over sensitive accounts like email, banking, or crypto wallets.
Although it might sound far-fetched, these types of attacks happen all the time – most recently, Bitdefender reported a student interning at the Société Générale bank was arrested under suspicion of helping SIM-swapping scammers defraud 50 clients.
Via MacRumors
Leave a comment