Port Out Scam Damage With...

Discussion in 'mobile device security' started by whatsnext, Jun 13, 2021.

  1. whatsnext

    whatsnext Registered Member

    Jun 13, 2021
    What kind of damage could a hacker/scammer do if they manage to port out your number assuming your email is protected with a hardware key?

    Assuming you don't trust SMS-based 2FA and don't have it on all accounts, what is the worst-case scenario?

    Reading the story (and the useful flowchart which is one of the best explanations I've seen) at
    https://medium.com/coinmonks/the-mo...my-life-details-of-sim-port-hack-35de11517124 and trying to evaluate the threat scenarios with and without SMS-based 2FA.

    For example, assuming the scammer doesn't have account credentials but ports out a number, can they take over a sensitive account if they can't hack into your email (assuming no such 2FA)?

    If the account is "protected" with SIM-based 2FA and they don't have the account credentials and can't access the associated email, can they still reset the password using 2FA and take over the account somehow?

    Or does the email have to be compromised under both of these scenarios? I think I'm missing some basic understanding of these models so any insight would be appreciated!
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.