https://threatpost.com/social-engineering-telcos-phone-hijacking/144495/
LAX TELCO SECURITY ALLOWS MOBILE PHONE HIJACKING AND REDIRECTS
A Q&A with Kaspersky Lab researcher David Jacoby examines a gaping hole in the telco customer-service process that allows adversaries to commandeer phone calls.

As anyone who has called into a bank or utility provider lately knows, security for customer service routines – the prescribed ways in which support reps verify the identity of customers who call in – is being continually upgraded. Two-factor authentication, voice passwords, various security questions (“what was the name of your first pet,” for instance) and even verifying that a person is at the account address by calling a landline are all well-known features of the authentication process when making account changes.

At the Security Analyst Summit 2019 in Singapore last month, David Jacoby, a Swedish member of Kaspersky Lab’s global research and analysis team (GReAT), gave a short, five-minute presentation called “Exploiting Telco Support Teams for Fun and Profit.” He explained how Swedish telcos ask only for a bare minimum of information from callers – and publicly available information at that – before agreeing to make account changes to specific numbers. This has led to real-world attacks where victims have found their mobile phone calls hijacked and redirected to a rogue number.