Just curious.

I used eSim for a while when I first got a phone that supported eSim, because I wanted to make it harder for a thief to disable the phone tracking, but now my main phone is broken and I’m a bit annoyed at having to chat with customer support for half and hour to activate eSim on another device.

    • jet@hackertalks.com
      link
      fedilink
      English
      arrow-up
      10
      arrow-down
      1
      ·
      1 year ago

      That hijacking risk applies to both. If you’re able to social engineer a telephone worker, they could move your account to a different SIM card completely.

      My best advice, is to use Google voice, Google Fi, lockdown your number for SMS two factor. A Google account and lockdown mode, with physical security keys, is not going to get hijacked by anything less than a state actor.

      Then your local phone, your local phone number, local SMS, none of that should be on your escalation path to authentication. Then you don’t care if somebody steals your sim.

    • neutron
      link
      fedilink
      arrow-up
      2
      ·
      1 year ago

      Phone numbers and SMS should never have been involved with user authentication beyond simple contact info. Smartphones really ruined it.