T-Mobile Cyberattack Reportedly exposed Customer Info and SIMs

T-Mobile has suffered another cyberattack after being rocked by a massive data breach in August.

This time around, attackers accessed “a small number of” customers’ accounts, according to documents posted by The T-Mo Report.

According to the report, customers either fell victim to a SIM swapping attack (which could allow someone to bypass SMS-powered two-factor authentication), had personal plan information exposed, or both. The document shows that the customer proprietary network information that was viewed could’ve included customers’ billing account name, phone and account number, and info about their plan, including how many lines were attached to their account.

This summer, the carrier confirmed that a data breach exposed almost 50 million customers’ data, with the attacker accessing social security numbers, names, and dates of birth. (A person who claimed to be the hacker went on to call the company’s security practices “awful.”) The information reportedly exposed in December’s breach is less sensitive (and the documents say the customers who had their SIMs swapped have regained access), and is likely not as large in scope. We weren’t able to find widespread reports from customers that said they’d received notification letters.

T-Mobile’s support account has seemingly confirmed that there was a breach, responding to people on Twitter to say that it’s taking “immediate action” to help individuals who were put at risk by the attack.

Is it about time YOU protected yourself?

efani Most Secure Mobile Phone Service Prevent Eavesdropping, Remote Access & Location Tracking SAFE Encrypted Secure Your Identity & Phone NOW AT&T, T-Mobile, Verizon, Tracfone and US Mobile – are susceptible to SIM swap scams

T-Mobile suffers a data breach, again

According to a new report, T-Mobile has undergone a small-scale data breach days before the year 2021 ends. The news comes a few months after the company suffered a large-scale data breach in August 2021. The new data breach affected a small number of users who were allegedly a target of a SIM swapping attack.

According to the report, many T-Mobile customers received the “unauthorized activity” notification from the mobile carrier. “That activity was either the viewing of customer proprietary network information (CPNI), an active SIM swap by a malicious actor, or both,” explains the report from The T-Mo Report. In simple terms, customers who were the victim of the breach were a target of a SIM swapping attack or had their personal information exposed, or both.

 

efani – A Comprehensive Guide on Silent SMS Denial of Service (DoS) Attack

When delivered to a mobile handset, silent messages, also known as Silent SMS or Stealth SMS “stealth ping”, or “Short Message Type 0”, are not indicated on the display or by an acoustic alert signal. This guide will concentrate on the technicalities of sending a silent SMS, as well as sending multiple incessant silent SMSs to perform a silent SMS denial of service (DoS) attack. These silent messages are increasingly being sent not only to perform DoS attacks but also to force the constant update of users’ or victims’ location (tracking) information.

What is Silent SMS or Flash SMS?

Silent SMS was originally intended to allow operators to detect whether a mobile phone was turned on and test the network without informing the user. They have, however, proven useful in the tracking down of suspects by police in a number of countries.

Using the GSM Network, silent SMS can pinpoint the exact location of a mobile phone. We can find a user by identifying the three antennas closest to him and then triangulating the distance based on the time it takes for a signal to return. When a person moves, their phone’s location is updated; however, the information is not updated immediately. The location of the mobile is instantly updated when a Silent SMS is sent. This is extremely useful because it allows you to locate someone at a specific time based on the airwaves.

ICYMI – In cellular communication networks, the SS7 (Signaling System No. 7) protocols are critical. Unfortunately, SS7 has a number of flaws that a malicious actor can exploit to launch attacks. Location tracking, SMS interception, and other types of signaling attacks are significant examples of these.

[TIP: EFANI’s Black Seal Protection against such hacks such as SS7, location tracking, DDoS, Silent SMS, IMSI Catchers and so on]

The Silent SMS Denial of Service (DoS) attack is one of the more intriguing attacks. A typical DoS attack floods a network with excessive traffic, rendering its computer resources inaccessible to users. The same concept applies to mobile devices.

Source: Croft, N. J., & Olivier, M. S. (2007). A silent SMS denial of service (DoS) attack

The Silent SMS Denial of Service (DoS) attack is one of the more intriguing attacks. A typical DoS attack floods a network with excessive traffic, rendering its computer resources inaccessible to users. The same concept applies to mobile devices. Without the victim’s knowledge, a device can be flooded with silent SMS messages. Texts swamping the victim’s device will utilize the battery abnormally while preventing the device from receiving calls.

Targets Location Tracking

Malefactors who exploit SS7 protocol vulnerabilities frequently target location information and tracking. A silent SMS could be sent to the target mobile device to force it to update the existing (normally the closest) serving base station onto the mobile network in order to identify the target’s location.

The device user will not be notified if a message is received, as in a Silent SMS DoS attack. However, unlike a DoS attack, there are no visible signs that an attack is taking place. As a result, the victim is completely unaware that they are being followed.

SIM cards are also a major target because they use Wireless Internet Browsers (WIB), that are not adequately secured. Telecommunications companies use Over the Air (OTA) technology to communicate with WIBs in order to manage SIM cards.

Evil people can essentially send a silent SMS containing WIB instructions. The instructions are executed once they have been received on the victim’s device. At this point, the malefactor has several options, including obtaining location data, initiating a call, sending an SMS, or even launching a web browser with a particular URL.

The Culprit: Who is behind the Silent SMS attacks?

Though it has reportedly been used by authorities and governments in the past, the decreasing costs of equipment and broadband access have made this attack vector accessible to malefactors with little technical knowledge.

Why are silent SMS attacks so risky?

Cellular attacks that take advantage of the SS7 protocol are nothing new. However, due to the covert nature of silent SMS attacks, it is difficult to detect them before it is too late. As a result, silent SMS attacks are a compliance nightmare. A breach cannot be detected and, as a result, cannot be reported in accordance with the law. Invisible DoS attacks, OTA malware, and unauthorized location tracking are all dangerous, if not disastrous.

It is incumbent to bring this to readers’ attention that not only SS7 attacks are next to impossible to detect when they take place, but they also leave practically no traces in terms of forensics. The forensic investigator has little to no data to extract and analyze from the victim’s device.

This is, of course, unless the victim has an application on their mobile devices that is specifically supposed to detect and triangulate silent SMS.

The investigator may be able to examine the traffic on the cellular network and possibly detect the unprecedented number of messages sent. Sadly, the investigator must have the victim’s mobile in hand to confirm a real-time attack.

Who is vulnerable to a Silent SMS attack?

It is not critical for most users to have their location tracked or to lose wireless access due to a DoS attack. Attackers are most likely to target executives, VIPs, celebrities, crypto enthusiasts, and governments.

Attacks will almost certainly result in significant financial losses for enterprises, whereas national defense is at stake for governments. They must also consider the possible harm that could be accomplished if an attacker is able to install malware on the device by exploiting WIB vulnerabilities on SIM cards.

The much-needed protection

The one and only effective way to identify and prevent such attack vectors is at the network level (speaking of mobile here). This necessitates the use of EFANI’s Black Seal Protection aimed at “plugging” the security vulnerabilities left by the primitive SS7 protocol, which is still in use presently.

Currently, most of the defense against silent SMS DoS attacks is left to individuals (going through such emotional stress) and cybersecurity professionals in companies, who (unfortunately) have little or no tools to do so. For telecom companies since this pandemic means taking a global approach to SS7 protection. It thus necessitates the implementation of appropriate safeguards and security mechanisms to prevent their networks and registered user devices from such hacks.

Unfortunately, traditional cell phone companies are not doing much to protect you. But it is not all bad news, there is a cellular phone company named efani that has stepped up and made it more difficult for hackers. efani offers the nation’s most secure mobile service and claims a 100% success rate.

The SAFE plan comes with a 100% money-back guarantee for 60-days. and includes:

*11 Layer Proprietary Military Grade Security
*Unlimited Call/Text/Data within US/Canada & Mexico
*5G Access on America’s Largest & Fastest Network
*Wi-Fi Calling
*Keep your Current Number
*International Data-Roaming
*$5 Million Insurance Coverage (includes: Crypto, Banking, Brokerage & Other Losses)

Try efani RISK-FREE for 60 days with a 100% Money Back Guarantee!

Take action NOW and secure your assets, privacy, and your phone by calling toll free 1-833-693-3264 or visit the website below

efani Most Secure Mobile Phone Service Prevent Eavesdropping, Remote Access & Location Tracking SAFE Encrypted Secure Your Identity & Phone NOW AT&T, T-Mobile, Verizon, Tracfone and US Mobile – are susceptible to SIM swap scams

Keywords: Secure, Private, Anonymous, Q, Trump, thenfg.com, Certified, Military-Grade, End-to-End, Encryption, Cell Phone, mobile, SIM, SIM Swap, $5 Million Insurance, Bitcoin, DOGE, Ethereum, Litecoin, BTC, NFT, Crypto, 5G, 4G/LTE, 3G/HSDPA, 2G/EDGE, WiFi, High Profile People, efani, thenfg.com, Crypto Investors, Executives, Lawyers, Fund Managers, Financial Industry, Influencers, Accountants, Anyone Concerned about Securing their Fiances & Personal Information, Public Figures, High Net Worth Individuals, Media, Music, Film, Politics, Famous People,