The Federal Communications Commission (FCC) has outlined its plans to stop SIM swap attacks and robocalls in an effort to protect US smartphone users from fraud and identity theft.
For those who are not familiar, SIM swapping is a technique used by an attacker in which they convince a mobile operator to transfer a victim’s phone number from their SIM card to the one they own and control. . Once in control of a victim’s number, the attacker can receive two-factor authentication (2FA) messages to take over their online accounts.
The FCC Regulatory Proposal Notice suggests a number of ways to deal with SIM card swapping, such as changing the Proprietary Network Information (CPNI) and local number portability rules so that Mobile phone operators must authenticate that a customer is truly who they claim to be. before redirecting their phone number to a new SIM card or device. At the same time, the opinion proposes to require mobile operators to immediately inform customers each time a change of SIM card or a port request is made on their accounts.
In addition to the SIM card swap, these new changes will also address porting fraud that occurs when an attacker poses as a victim and opens an account with another operator in their name. They then organize the transfer or “porting” of the victim’s phone number to the account of the new mobile operator they control.
Automated Call Mitigation Database
In order to combat robocalls, the FCC has set a deadline of June 20 this year for large mobile carriers to implement STIR / SHAKEN protocols, while smaller mobile carriers have received a extension to do so until June 2023. As part of these efforts, mobile operators were required to certify that they had implemented STIR / SHAKEN, although they were also required to submit a detailed plan for mitigation of robocalls to the FCC.
However, as of today, if a mobile operator’s certification and other required information is not in the FCC’s robocall mitigation database, other mobile operators will be banned and Intermediate providers directly accept traffic from these providers. This means that if a mobile operator has not submitted the necessary documents, other operators will not be able to send calls from its network to their customers.
The deadline appears to be working, however, as 4,798 companies have filed their cases in the Robocall call mitigation database and all of the largest mobile carriers in the United States have certified their implementation of the SHIR / SHAKEN protocols. .
FCC Acting President Jessica Rosenworcel provided further details on how the government agency is combating robocalls in a press release, saying:
“The FCC uses every tool it can to tackle malicious robocalls and identity theft, from hefty fines on bad actors to policy changes to technical innovations like STIR / SHAKEN. Today’s deadline establishes a very powerful tool to block illegal robocalls. We will continue to do everything in our power to protect consumers from the crooks who flood our homes and businesses with fraudulent robocalls. “
- FCC proposes rules to fight SIM swap and port-out fraud
- FCC orders telephone operators to enforce illegal robocall blocking
- SIM card exchanger indicted in cryptocurrency theft scheme
- Three is the undefeated champion of an unlimited data SIM card at just £ 16 / pm
- Smarty slashed the price of its unlimited data SIM card to just £ 16 / pm