Email
Password
Remember meForgot password?
    Log in with Twitter

article imageSecurity vulnerabilities at AT&T, T-Mobile and Sprint

By Tim Sandle     Aug 28, 2018 in Technology
Security analysts have detected security flaws with systems at AT&T, Sprint, and T-Mobile. These security issues could have resulted in customer data being accessible to hackers. The issue at each telecommunications company was unrelated.
The security flaws at each of the telecommunication companies meant that would-be attackers could have used brute-force attacks to reveal customer PINs or personal information. In cryptography, a brute-force attack consists of an attacker trying many passwords or passphrases with the hope of eventually guessing correctly. One example of a type of brute force attack is known as a dictionary attack, which might try all the words in a dictionary.
News of the cybersecurity risks comes from BuzzFeed News. This relates to two flaws that allowed customer information to be vulnerable at AT&T and T-Mobile. With T-Mobile’s case, an apparent “engineering mistake” falling between Apple’s online storefront and T-Mobile’s account validation API meant that an unlimited number of attempts could be made to access a customer's online account, leaving the online route open to a brute-force attack.
The same type of problem also existed with the smartphone insurance company Asurion and its AT&T customers, according to The Verge. This related to an online claims form, which also permitted any person with a customer’s cell phone number to make unlimited attempts to guess a customer’s passcode. Again the system was open to a brute-force attack.
In an earlier issue this year, T-Mobile and AT&T have issued customer alerts about the rise in SIM hijacking. This is where hackers forward a victim’s calls and texts to another phone. Both companies recommended that their customers to create new PIN numbers in order to protect their accounts.
In a different area, TechCrunch has reported that security analysts were able to access an internal staff portal at Sprint. This was due to “weak, easy-to-use usernames and passwords.” Furthermore, two-factor authentication was not in place. This mean that a bad actor could access customer account information for Sprint, Boost Mobile, and Virgin Mobile. Sprint is the fourth largest U.S. cell network with 55 million customers.
With the three cases, each company has reported that the vulnerabilities have been fixed and that customer data is no longer at any risk.
More about Cybersecurity, Security, At&t, Tmobile, Sprint
More news from