Customers of Google Fi have been notified that the exposure of personal data in a breach at one of its primary network providers has enabled SIM swapping attacks.
Google Fi, formerly Project Fi, is an MVNO (Mobile Virtual Network Operator) telecommunications service by Google that provides telephone calls, SMS, and mobile broadband using cellular networks and Wi-Fi. Google Fi makes use of networks operated by T-Mobile and U.S. Cellular.
Customers of Google Fi received notifications from Google this week that their phone numbers, SIM card serial numbers, account status (active or inactive), account activation date, and information about mobile service plans had been compromised.
“Our incident response team undertook an investigation and determined that unauthorized access occurred and have worked with our primary network provider to identify and implement measures to secure the data on that third party system and notify everyone potentially impacted,” according to the notice to customers.
“There was no access to Google’s systems or any systems overseen by Google.”
Although Google Fi employs a combination of T-Mobile and U.S. Cellular for network connectivity, the company has not named the network provider involved in the breach.
However, T-Mobile recently disclosed another vulnerability that allowed a malicious actor to access the information of about 37 million customers through an API.
“This is another example of where subcontracting services to others can result in problems for the main organization. While this practice is fairly common when issues arise, the results can still be significant,” said Erich Kron, security awareness advocate at KnowBe4.
“Given the history of breaches related to T-Mobile, it would have been wise for Google to require additional and more stringent security measures than perhaps T-Mobile currently has in place.”
Hackers Targeting Customers With SIM-Swapping Attacks
Unfortunately, threat actors were able to carry out SIM swap attacks on some Google Fi customers as a result of the exposed technical SIM data. One customer even claimed that the hackers had gained access to their Authy MFA account.
Threat actors use SIM swapping attacks to get mobile carriers to port a customer’s phone number to a SIM card they control.
Using social engineering, the threat actor impersonates the victim and asks that the number be ported to a different device for some reason.
To persuade the mobile carrier that they are the customer, they supply sensitive personal information of the kind obtained through phishing scams and data breaches.
Data from the Google Fi breach would have made such a request to a mobile customer support representative even more convincing, given that it contains phone numbers, which are easily linked to a customer’s identity, and the serial numbers of SIM cards.
The threat actors would then have access to the victim’s text messages, including MFA codes, enabling them to access online accounts or take control of services protected by a person’s phone number.
Customers affected by SIM swap attacks received a separate notification from Google revealing that the attackers briefly managed to migrate their phone numbers to another SIM. However, there was no compromise of user voicemail.
Author: Guru