www-community icon indicating copy to clipboard operation
www-community copied to clipboard
verified publisher icon OWASP

sim swapping

Open flip111 opened this issue 5 years ago • 13 comments

I read more and more articles about the dangers of sim swapping. Would be nice to have some guidelines on how to prevent such attacks.

Example article https://www.vice.com/en_us/article/pke9zk/paypal-and-venmo-are-letting-sim-swappers-hijack-accounts

flip111 avatar Apr 06 '20 18:04 flip111

Isn't that more of an OS/HW level issue than app/web app?

kingthorin avatar Apr 06 '20 18:04 kingthorin

I don't think so because the topic is cross cutting many technologies and also can involve social engineering. But for (web) app specifically it would at least be a good idea to advise against sending out plain passwords over sms.

flip111 avatar Apr 06 '20 18:04 flip111

Fair enough

kingthorin avatar Apr 06 '20 19:04 kingthorin