In the third week of October, Michael Terpin released an open letter to the Federal Communication Commission (FCC) chairman Ajit Pai, urging the chairman to take action against a form of identity theft called “SIM swapping.” Terpin claims to have lost $24 million in cryptocurrency from two Subscriber Identification Module (SIM) attacks within seven months.
Terpin is an investor, advisor, and marketer who has been in the cryptocurrency space since 2013. His current firm, Transform PR, focuses on 3D, big data, Bitcoin, digital media, mobile, and robotics. Despite his experience in the cryptocurrency industry, Terpin was still attacked through fraudulent actors manipulating a mobile service provider’s use of SIM technology.
Terpin isn’t the only high-profile individual to suffer from exploitation tactics used by black hat hackers. Other notable SIM swapping attacks in 2019 have included:
- Jack Dorsey, the CEO and founder of Twitter, had his account hacked, where the fraudsters posted a slew of offensive messages.
- Seth Shapiro – a two-time Emmy Award-winning media and technology expert, author, and adjunct professor at the University of Southern California School of Cinematic Arts – had a total of $1.8 million stolen from him due to a SIM swap.
- Sean Coonce, engineering manager at cryptocurrency custodian, BitGo, was SIM swapped and lost over $100,000 in less than 24 hours.
- “The Community” hacking group stole $2.5 million of cryptocurrency, using the help of former employees of mobile phone providers.
The SIM card has offered access to mobile networks since its inception in 1991. However, in the RevoKind IDENT™ Network, physical SIM cards have become an unnecessary and obsolete piece of hardware that needs to integrate with a mobile device. RevoKind has created a new solution that enhances security and data integrity using its blockchain technology to virtualize SIM’s on an intelligent communication network.
What is a Subscriber Identification Module (SIM) card?
A SIM card is a physical circuit board that integrates into a mobile phone. The card identifies and authenticates users to access a particular telecommunication or mobile network (i.e., AT&T, Verizon). Without a properly functioning SIM card, network users can not access the communication features of the device or the carrier network.
Examples of services that require SIM cards include a mobile internet network, text messaging, and making phone calls.
If a user’s phone is lost or stolen, or they are switching to a new service, then the customer can typically call the mobile carrier’s customer service and port their telephone number to a new device with a different SIM card. A new SIM card purchased off the internet or a retail store can cost as little as $5, and anyone can buy one.
Coupled with readily available public information, bad actors can emulate one’s identity by using their target’s phone number. Celsius Advisory Group has gone as far as saying phone numbers have become the “master key” that grants access to various financial, email, and social media accounts.
How does SIM swapping work?
SIM swapping, also known as a port-out scam, simjacking, and SIM splitting, typically has two types of attack methods. First, by targeting two-factor authentication (2FA) methods placed by text messages or calls to a mobile telephone by using details and information about the customer/user. Second, by bribing or coercing an employee of a mobile telecom provider who has access to customer information and the ability to migrate their phone number to a new SIM card.
To target a customer’s 2FA, the hacker can elicit the necessary information from phishing emails or through buying the information from organized criminal entities. Types of information that can be used include social security numbers or home addresses.
In a socially engineered attack, the scammer will contact the carrier and impersonate the customer by acting as a victim of theft or loss. The scammer will then try to convince the telephone company they’ve lost their phone and to port the victim’s phone number to the scammer’s newly purchased SIM card.
If the scammer is successful, the SIM swapping victim will lose access to their mobile network.
Once the customer’s phone is deactivated, the scammer can gain access to the customer’s phone number and personal information, such as banking information, credit card information, social media accounts, email accounts, or cryptocurrency exchange information.
Currently, the only viable solutions to mitigate identity fraud with physical SIM card technology is to hide customer pins and passwords from employees, inform customers that they can opt into higher security plans with “no port” options, and/or request the FCC initiate an “immediate, comprehensive” study with recommendations for mandatory reforms by carriers.
The RevoKind IDENT™ Network Solution
To eliminate the risk of various SIM swapping attacks, RevoKind has natively incorporated blockchain-based virtual SIM (vSIM) technology into the IDENT™ Network. With IDENT™ vSIM technology, the SIM is no longer required to be physically installed or embedded into a mobile device. However, IDENT ™ vSIM technology is backward compatible with embedded SIM (eSIM) technology currently in use and allows for multiple vSIM’s to validate use by a single device. Granting multi-carrier and network access for that device.
When a new user joins the IDENT™ Network, they register through an application that collects biometric data (i.e., thumbprint, facial recognition) and personal identifiable information (PII). The individual subscriber identity is secured with a combination of biometrics, AI, cryptography, and blockchain to create a virtual replication of a user’s identity. The identity data and information is not stored on a physical SIM card, but on an immutable blockchain ledger. The user can then purchase and activate each vSIM on an authorized device using their subscriber identity information stored on an immutable blockchain.
Once the user is authenticated, vSIM enables remote provisioning via the IDENT™ Network for a customer who wants to attach their phone number to a new mobile device on a specific wireless carrier network. The same process can then be completed for additional vSIM’s for access to other wireless carrier networks. Additionally, through the IDENT™ Network, customers will not need to call a customer service representative when seeking to disable lost devices or provision a new device; they will verify their identity through the IDENT™ Network and administer devices themselves.
By removing third parties responsible for the administration of SIM cards, the RevoKind IDENT™ Network gives the customer control of their identity, devices, carrier plans, and eliminates SIM related fraud for both the customer and wireless carriers.
RevoKind is a blockchain network solutions company developing an AI and autonomous real-time data communication system with distributed ledger technology. The technology stack offers an identity and security solution that is fast and globally scalable to meet the needs of users and networks across various industries.
As an enterprise technology company, RevoKind is driving the future of communications and information sharing through advanced internet architecture. Patent-pending technology options make it easy for businesses to adopt and customize a unique enterprise-ready blockchain-based infrastructure.
Currently, RevoKind’s core communication and blockchain technologies are licensable for network integration in telecommunication networks. RevoKind software offers a new standard of blockchain network solutions for businesses and governments that want a competitive edge.
RevoKind’s first product, IDENT™, is an identity solution that provides virtual SIM (vSIM) with remote provisioning and a rich feature set of communication and distributed ledger technologies.