A Study on Brute Force Attack on T-Mobile Leading to SIM-Hijacking and Identity-Theft

Title: A Study on Brute Force Attack on T-Mobile Leading to SIM-Hijacking and Identity-Theft
Publication Type: Conference Paper
Year of Publication: 2022
Authors: Faircloth, Christopher; Hartzell, Gavin; Callahan, Nathan; Bhunia, Suman
Conference Name: 2022 IEEE World AI IoT Congress (AIIoT)
Keywords: Brute force, brute force attacks, Collaboration, Computer hacking, cyber attack, Data Breach, Databases, Force, Human Behavior, human factors, identity theft, passwords, policy-based governance, pubcrawl, Scanning and Enumeration, SIM Hijacking, SSH tunneling, Systems architecture, T-Mobile, tunneling
Abstract: The 2021 T-Mobile breach conducted by John Erin Binns resulted in the theft of 54 million customers' personal data. The attacker gained entry into T-Mobile's systems through an unprotected router and used brute force techniques to access the sensitive information stored on the internal servers. The data stolen included names, addresses, Social Security Numbers, birthdays, driver's license numbers, ID information, IMEIs, and IMSIs. We analyze the data breach and how it opens the door to identity theft and many other forms of hacking such as SIM Hijacking. SIM Hijacking is a form of hacking in which bad actors can take control of a victim's phone number allowing them means to bypass additional safety measures currently in place to prevent fraud. This paper thoroughly reviews the attack methodology, impact, and attempts to provide an understanding of important measures and possible defense solutions against future attacks. We also detail other social engineering attacks that can be incurred from releasing the leaked data.
DOI: 10.1109/AIIoT54504.2022.9817175
Citation Key: faircloth_study_2022