Lawmakers in U.S. Congress are demanding that the Federal Communications Commission (FCC) do more to hold telecom providers accountable for SIM swap attacks.
According to a letter sent to FCC Chairman Ajit Pai on Thursday, six democrats from the U.S. House of Representatives and Senate have requested that more robust requirements are imposed on mobile carriers, in order to mitigate the risk of such attacks.
SIM-swapping refers to the theft of a cellphone number, which enables hackers to access the target’s cellular identity. With it attackers can hijack online financial and social media accounts, thanks to the fact that firms are increasingly using automated messages and phone calls to handle authentication.
A lot of security mechanisms now rely on mobile two-factor authentication, which is easily bypassed once hackers get a hold of a number. With that out of the way, attackers can reset a victim’s password, steal credentials and wipe personal information.
In its letter, the Democrats point out that the number of complaints relating to SIM swaps has increased significantly from 2016, when it was 215, to 2019, when the number jumped to 728, according to the Federal Trade Commission (FTC).
The letter further mentions a November 2019 article from the Wall Street Journal, which claims that a law-enforcement task force in Santa Clara County was aware of over 3,000 SIM swap victims.
The lawmakers further stated that America’s lack of comprehensive consumer protection policies has contributed to the high number of victims of the crime. While additional security measures have already been adopted by some carriers in the states and abroad, their implementation remains “spotty” in the U.S.
The letter reads:
“Implementation of these additional security measures by wireless carriers in the U.S. is still spotty and consumers are unlikely to find out about the availability of these obscure, optional security features until it is too late.”
The Democrats have further demanded to know how the FCC tracks SIM-swap reports, how many incident reports it had received, if it has investigated such hacks in the past, and more.
As previously reported by The Chain Bulletin, one of the most famous SIM-swapping cases was the one of cryptocurrency investor Michael Terpin. He lost over $20 million to a SIM-swapper in 2018, and later sued his cell coverage provider AT&T for failing to protect him. He alleged that the company’s employees worked with the hacker.