Google Fi customers have been informed that a data breach at one of its leading network providers disclosed their personal information and made SIM-swapping attacks possible.
Previously known as Project Fi, Google Fi is an MVNO (Mobile Virtual Network Operator) telecommunications service that offers mobile broadband, SMS, and phone calls across cellular networks and Wi-Fi. T-Mobile and U.S. Cellular's networks are used by Google Fi.
This week, Google Fi customers received emails informing them that information about their cell service plans, SIM card serial numbers, account status (active or inactive), account activation dates, and phone numbers had been exposed. Google added that no personal data, including complete names, email addresses, credit card numbers, SSNs, tax IDs, government IDs, account passwords, or call or SMS contents, was present in the compromised systems.
According to the notice to customers, "Our incident response team undertook an investigation and determined that unauthorized access occurred. We have worked with our primary network provider to identify and implement measures to secure the data on that third-party system and notify everyone potentially impacted." "Neither Google's systems nor any systems under Google's control were accessible."
Although Google Fi uses both T-Mobile and U.S. Cellular for network access, the company has not revealed which network provider was hacked.
T-Mobile responded by disclosing a further vulnerability that gave unauthorized users access to the data of around 37 million subscribers via an API. "This is another instance of how giving subcontracting work to others can cause issues for the primary business. Although this procedure is frequently used when problems develop, the outcomes can still be important," according to Erich Kron, security awareness advocate at KnowBe4.
It would have been prudent for Google to demand more and stricter security measures than what T-Mobile now has in place, given the history of hacks involving T-Mobile.
SIM-Swapping Attack - A Target for Hackers:
Unfortunately, because of the leaked technical SIM data, threat actors were able to perform SIM swap attacks on some Google Fi customers. One customer even reported that their Authy MFA account had been compromised by hackers.
In a SIM swapping attack, threat actors convince a mobile carrier to port a customer's phone number to a SIM card they control. Using social engineering, the threat actor poses as the victim and requests that the number be ported to a different device for whatever reason.
To convince the mobile carrier that they are the customer, they also supply private information of the kind exposed in phishing scams and data breaches.
The data from the Google Fi breach would have made a caller even more convincing to a mobile customer care representative, given that it comprises phone numbers, which are easily connected to a customer's name, and SIM card serial numbers. Once the threat actors had access to the victim's text messages, which included MFA codes, they could access online accounts or take over services that were secured by the victim's phone number.
Customers who experienced a SIM swap attack were informed separately by Google that the attackers had briefly been able to move their phone numbers to another SIM. Their voicemail was not compromised, though.
"On January 1, 2023, your mobile phone service was switched from your SIM card to another SIM card for approximately 1 hour 48 minutes. The illegal access during this temporary transfer may have included using your phone number to make and receive calls and text messages. Your voicemail could not have been accessed despite the SIM transfer. Your SIM card's Google Fi service has been restored." – Google
One SIM-swapping attack victim shared his story on Reddit, detailing how his email, financial, and Authy authenticator app accounts were all simultaneously hijacked. According to BleepingComputer, the man claims that despite his efforts to halt it by alerting Google Fi, customer care ignored him. "Because they were able to receive my SMSes and circumvent SMS-based 2-fac, the hacker utilized this to gain control of three of my internet accounts: my main email, a financial account, and the Authy authenticator app," according to the Google Fi customer.