There may soon be an extra step when switching carriers. | Illustration by Alex Castro / The Verge

T-Mobile will be adding a new layer of security to its port-out process with the addition of a six-digit PIN, according to The T-Mo Report. The new number transfer procedure would reportedly require users to obtain a PIN from T-Mobileโ€™s app or site and provide it when attempting to change their number to a different provider, which could make it harder for bad actors to steal peopleโ€™s numbers.

According to The T-Mo Report, T-Mobile has announced the process internally but hasnโ€™t rolled it out yet to customers. Itโ€™ll also reportedly only be available to postpaid customers to start, not including people signed up through the Lifeline program.

T-Mobile didnโ€™t immediately respond to The Vergeโ€™s request to confirm these plans. The T-Mo Report cited an internal company document it said it had obtained.

PIN protection is a good extra layer of security

Itโ€™s good to hear that T-Mobile may be adding this feature, as it could help prevent SIM-swapping attacks, where a scammer convinces a telecommunications provider to transfer a phone number into their control. As Android Police notes, Verizon and AT&T have already implemented number transfer PINs. While it might not prevent all SIM-swapping attacks (in theory, an attacker with a T-Mobile account and device wouldnโ€™t have to go through the port-out process since the number would be staying in the same network), the PIN requirement can act as another line of defense in addition to T-Mobileโ€™s existing account takeover protection tools.

SIM swap, or porting-out, attacks have seemingly become popular with cybercriminals in recent years and have been implicated in high-profile cases like when then-Twitter CEO Jack Dorseyโ€™s Twitter account was hacked. Theyโ€™re attractive for a few reasons: they provide a wealth of information (many two-factor codes are still sent through SMS), and it can be difficult for a victim to realize theyโ€™ve been attacked and recover from it. The Federal Communications Commission recommends immediately contacting your cell carrier if you suspect someone has swapped your SIM, but that can be difficult to do given that your phone will no longer be functional.

T-Mobileโ€™s reputation for security has taken a few hits recently, as the company has been affected by a string of data breaches and cybersecurity incidents. While some have been relatively minor, one in August 2021 affected over 50 million people.

By

Leave a Reply

You missed

X