Response to a Princeton study on SIM swapping
On January 10th, a study from Princeton University came out finding that some wireless carriers were vulnerable to sim swapping techniques. Even though we can’t speak to specific details of their experiments pertaining to US Mobile as they were not shared with us for further analysis.
We can surmise from the report that they were likely attempting these sim swaps via phone calls to our support. We think in US Mobile’s case, the study overlooked the fact that US Mobile is the only fully digital wireless carrier in the report. This means that 90% of our customer interactions happen over our progressive web app.
US Mobile has historically received less than 1% of its SIM swapping requests over the phone. Furthermore, SIM swapping over the phone to our CSR’s is no longer possible. They must be initiated from authenticated status while signed in to our app or dashboard. Considering that the study failed to take into consideration that US Mobile was fully digital, it does not reflect how the majority of SIM swapping happens at US Mobile.
In addition, we believe the best security measures come from leveraging technology with AI, ML and big data because it helps create more secure environments without creating roadblocks and additional hassle for our customers.
Arguably, every technique in their Table 1 on its own is vulnerable and can be greatly enhanced by the types of technology and tools we have in the backend.
US Mobile’s approach to security and protecting customers from SIM swapping can be found here. We hope that some of these practices can be adopted by other major carriers and companies.