305 sats \ 3 replies \ @tony_ 4 Sep \ on: What's your reaction to seeing social sign in in bitcoin wallets? bitcoin
Please, whatever you do end up doing, do not rely on SMS for auth. Sim swappers will be all over it if you do.
write
preview
0 sats \ 2 replies \ @AJ1992 5 Sep
You do realize you need to physically have someone's sim card to sim swap them right? Not sure how it works now with esims but being simswapped if you have a physical sim card is virtually impossible
reply
110 sats \ 0 replies \ @endothermicdev 5 Sep
I'm pretty sure you just have to convince a salesperson that you "lost your phone" and get the same number reassigned to a new sim/device. It's the number that's used for SMS based auth, not the sim itself. Social engineering is often a weaker link than hacking or physical theft.
reply
0 sats \ 0 replies \ @tony_ 5 Sep
The threat here is they steal you phone number. There is strong evidence that someone can steal your phone number and is willing to sell that as a service for as little as $1,000 (if its t-mobile, other carriers cost more).
Hackers have also offered t-mobile employees as little as $300 to perform sim swaps, and I'd be willing to bet there were some takers near that price point.
https://krebsonsecurity.com/2023/02/hackers-claim-they-breached-t-mobile-more-than-100-times-in-2022/
reply