According to the firm, the addition of a PIN to the port-out process will bring a new layer of protection to the operation. According to an internal document obtained by The T-Mo Report, the new number transfer procedure would require users to obtain a six-digit PIN from T-app Mobile’s or site and provide it when attempting to change their number to a different provider, making it more difficult for bad actors to steal phone numbers in « SIM swapping » attacks.
T-Mobile Media Relations confirmed to BlueHillco that the company is « implementing Number Transfer PINs to add an additional degree of security to safeguard consumers from unwanted port outs. » These PINs will be activated shortly. »
According to The T-Mo Report, the process would initially be available exclusively to postpaid users, excluding those who have signed up for the Lifeline program.
PIN protection adds an additional layer of security.
It’s encouraging to hear that T-Mobile may be implementing this functionality, as it could aid in the prevention of SIM-swapping assaults, in which a scammer convinces a telecoms operator to transfer a phone number into their possession. Verizon and AT&T have already implemented number transfer PINs, according to Android Police. While the PIN requirement may not prevent all SIM-swapping attacks (in theory, an attacker with a T-Mobile account and device would not have to go through the port-out process because the number would remain on the same network), it can act as an additional line of defense in addition to T-existing Mobile’s account takeover protection tools.
SIM switch, or porting-out, assaults appear to have gained popularity among hackers in recent years, and have been linked to high-profile crimes such as the hacking of then-Twitter CEO Jack Dorsey’s Twitter account. They’re appealing for a few reasons: they convey a plethora of information (many two-factor codes are still transmitted over SMS), and it can be tough for a victim to recognize and recover from an assault. If you believe someone has replaced your SIM card, the Federal Communications Commission suggests calling your cell provider right away, but this can be difficult given that your phone will no longer function.
T-reputation Mobile’s for security has suffered recently as a result of a series of data breaches and cybersecurity incidents. While some have been modest, one in August 2021 affected more than 50 million people.
Update March 17th, 6:55PM ET: Added confirmation and statement from T-Mobile.