Originally Posted by
docbert
Many phone providers have added extra layers of security to stop this type of attack occurring. Many more still have not yet done so.
The fact that U.S. and European providers haven't figured this out in 2024 borders on criminal. To move an eSIM in India you either have to make the request by SMS from the old SIM or go to the shop with ID. For physical SIM swaps you have to go to the shop. Either way, the old SIM stays live for a few hours and gets a ton of texts confirming the SIM swap and telling you how to cancel it. And if you miss all of those, the new SIM doesn't get SMS for 24 hours so you have even more time to contact the carrier.
If Airtel and Jio can figure this out for people paying $4 a month, surely "first-world" carriers can do it too.
Originally Posted by
frappant
The other thing to consider. Many people use a Google Voice number for 2FA.
Doubtful you can call Google and get them to change the GV SIM or whatever.
The only way to port a GV number out is to unlock it in your Google account, so to "SIM-jack" a GV number you'd have to get into the Google account, for which we hope everyone is using a good password and 2FA that's not SMS.