AFAIK one can do SIM swap attack if the operator has a contact center that can be socially engineered (or legally enforced, in case of nation state attack) to move your subscriber ID to another SIM.
Then the attacker can request a new credential from services that you have registered with your phone number.
Prevention: never do 2FA via SMS
feline
npub1m6…fwgg6
2024-08-19 12:22:00
in reply to nevent1q…d664
Author Public Key
npub1m6kmamcu340hftjlzzrksgvdkky9hj6lz085yy625g5kmgz5ahkslfwgg6Published at
2024-08-19 12:22:00Event JSON
{
"id": "0a8bcd50af7bd80557e6a9403baa2274c937bc1bbcf6cb7d459673b1ecbd70ee",
"pubkey": "deadbeef1c8d5f74ae5f108768218db5885bcb5f13cf42134aa2296da054eded",
"created_at": 1724070120,
"kind": 1,
"tags": [
[
"e",
"7651924e84c96546ac4a4352f8fa819fe224758deedff2e11c7621b83e1e3bae",
"",
"root"
],
[
"p",
"eda96cb93aecdd61ade0c1f9d2bfdf95a7e76cf1ca89820c38e6e4cea55c0c05"
]
],
"content": "AFAIK one can do SIM swap attack if the operator has a contact center that can be socially engineered (or legally enforced, in case of nation state attack) to move your subscriber ID to another SIM.\nThen the attacker can request a new credential from services that you have registered with your phone number.\n\nPrevention: never do 2FA via SMS",
"sig": "6a4851579316e19ea1ad9781f0ca9ad5d77e460cd6d60aa989b81d8f2b56b47e4bba8e851c5b08de4bf51d9de8f218c015ed63a46356fd9f9ddd3a40207ae222"
}