Two different security flaws have exposed the account PINs of T-Mobile and AT&T customers. The PIN is an extra layer of protection for a mobile account and is required to make changes to the account.
PINs Exposed
Apple’s online store had a security vulnerability which revealed over 77 million T-Mobile customers’ account PINs and partial Social Security numbers. The phone insurance company, Asurion, also had a security vulnerability which displayed PINs of AT&T customers.
“Asurion takes customer security and privacy very seriously, and as such we have an ongoing, layered security program in place to prevent security issues. We are investigating the researcher’s concerns, but have immediately implemented measures to address these concerns to ensure customers’ accounts are safe,” stated Asurion spokesperson Nicole Miller.
Why Are PINs Important?
Although the websites’ vulnerabilities were corrected, PINs were still compromised. If an attacker obtains a PIN, they could take over a phone number. From there, the attacker can use two-factor authentication messages sent to that number to gain access to bank accounts, email, and social media accounts.
Recent SIM-swapping schemes demonstrated how easily hackers can commandeer cell phones and redirect all incoming calls and texts to another phone. Since the recent vulnerabilities, T-Mobile and AT&T have sent alerts prompting customers to create new PINs to secure their accounts.
Brute-Force Attacks
When making purchases through Apple’s store, customers are prompted to identify themselves with a cell number and either an account PIN or the last four digits of their Social Security number.
Hackers use a brute-force attack, in which software tries different numeric combinations until it finds the correct sequence. For T-Mobile accounts, an unlimited number of entry attempts are allowed, so the code is eventually cracked. For other carriers (Verizon, Sprint, and AT&T), a limit on attempts prevents brute-force attacks, locking hackers out for 60 minutes after five to ten incorrect submissions.
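The lockout policy described above (a 60-minute lock after a handful of wrong entries), shown as an added example that is not from the original article or any carrier's code: a per-account attempt limiter, plus the worst-case delay the policy imposes on trying every PIN of a given length. The class and function names, the in-memory storage and the sample account and PIN are assumptions made for illustration.

```python
import hmac
import time


class PinLockout:
    """Per-account failed-attempt limiter with a timed lockout (illustrative)."""

    def __init__(self, max_failures=5, lockout_seconds=60 * 60, clock=time.monotonic):
        self.max_failures = max_failures
        self.lockout_seconds = lockout_seconds
        self.clock = clock            # injectable so the policy can be tested
        self._failures = {}           # account -> failed attempts since last reset
        self._locked_until = {}       # account -> clock value when the lock ends

    def is_locked(self, account):
        return self.clock() < self._locked_until.get(account, float("-inf"))

    def check(self, account, supplied_pin, real_pin):
        """Return 'ok', 'denied' or 'locked'; a locked account is never compared."""
        if self.is_locked(account):
            return "locked"
        # Constant-time comparison of the two digit strings.
        if hmac.compare_digest(supplied_pin, real_pin):
            self._failures.pop(account, None)
            return "ok"
        count = self._failures.get(account, 0) + 1
        if count >= self.max_failures:
            # Threshold reached: start the lock and reset the counter.
            self._locked_until[account] = self.clock() + self.lockout_seconds
            count = 0
        self._failures[account] = count
        return "denied"


def worst_case_hours(pin_digits, max_failures, lockout_seconds):
    """Hours of enforced lockout before every PIN of this length can be submitted."""
    keyspace = 10 ** pin_digits
    batches = -(-keyspace // max_failures)   # ceiling division
    return (batches - 1) * lockout_seconds / 3600


if __name__ == "__main__":
    limiter = PinLockout()                   # 5 failures, 60-minute lock
    for guess in ("0000", "0001", "0002", "0003", "0004", "4821"):
        # Constructed sample: account "acct-1" whose real PIN is "4821".
        print(guess, limiter.check("acct-1", guess, "4821"))
    print(worst_case_hours(4, 5, 3600), "hours for a four-digit PIN")
```

With no limit on attempts the delay term disappears, so the time to try every PIN is bounded only by how fast the site answers requests.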
Two-Factor Authentication
As another layer of protection, websites use cell phone numbers as a form of identification to verify users. When a phone number is compromised, any online account can be reset by SMS or two-factor authentication.
Despite these vulnerabilities, a cell phone PIN is the second line of defense against attackers. Longer PINs are harder to crack with brute-force technology, but four-digit codes are hacked in a “reasonable time frame.”
Updating your PIN each year and making it a unique code that you don’t use anywhere else is one of the best ways to keep your account secure.