SIM Swapped Entrepreneur Fights Again With New Startup

The primary time he was SIM-swapped in 2018, Haseeb Awan took it on the chin and hoped it wouldn’t occur once more. Then got here the second incident. Then the third. Then the fourth. After the final swap, Awan stopped trusting his cellular supplier to maintain his account protected and took issues into his personal arms: He began his personal cell service firm. 

It was a significant pivot from his former day job working the BitAccess Bitcoin ATM community, an organization he co-founded and which, by the way, made him a primary goal for SIM-swapping.

His new enterprise, Efani, is devoted to stopping an issue that’s all-too-prevalent for cryptocurrency customers – an issue which most cellular carriers, as evidenced by Awan’s personal issues, have didn’t adequately handle.

Sim swapping is a socially engineered hack whereby an attacker ports a sufferer’s telephone quantity onto a SIM card they management. To hijack a cellular account, an attacker might impersonate a sufferer to persuade a customer support consultant to swap the quantity to the brand new SIM card. In additional elaborate circumstances, a SIM swap might happen as an inside job or by the use of bribing a customer support rep.

These socially engineered assaults have grow to be an all-too-common downside within the Bitcoin and cryptocurrency realm, notably for its higher-profile personalities. Sometimes, SIM swappers will goal cryptocurrency customers with the hope of accessing their trade accounts by text-message, two-factor authentication. 

Maybe probably the most well-known instance of this assault vector comes from Michael Terpin, who misplaced some $24 million from a SIM swap, prompting a $220 lawsuit in opposition to AT&T. Loads of different cryptocurrency customers have fallen prey to such assaults and subsequently had their trade accounts drained of funds. The 2020 Twitter hacker was even a part of a syndicate that orchestrated SIM swaps.

Learn extra: Choose Dismisses $200M Damages Declare in AT&T Crypto Hack Lawsuit

Awan is on the lengthy roster of crypto SIM swap victims, which is why he based Efani in 2019.

The corporate operates a bit like a cellular digital community operator. It makes use of the community infrastructure of Verizon, AT&T and T-Cellular to service its clients. However it solely depends on this infrastructure to offer cell protection. All the things else for the $99/month plan, from information administration to customer support, is managed in home based on Efani’s personal practices. 

“Our focus is cyber safety. Different corporations are telecom suppliers which produce other corporations present safety for them. We’re a cybersecurity agency that gives telecom providers.”

In accordance with Awan, most cellular suppliers solely require a telephone and account quantity to make modifications to an present plan. In addition they give customers the choice to set a PIN, however even this layer of safety may be bypassed if the hacker is savvy sufficient. Harder to manage nonetheless are bribes and inside jobs.

Efani’s resolution to this downside? Making it so rattling tough to make modifications to an account that an assault is just about unattainable. 

“You can’t make a change in your account by calling customer support,” Awan advised CoinDesk. “Even in case you name in, they aren’t approved to make any modifications. For one thing like altering a SIM card, you will have to undergo 11 layers of authentication.”

These 11 layers of authentication are the utmost variety of verification strategies out there to Efani customers, whereas each account has a minimal of seven authentication steps when a person desires to  change their SIM card. These verifications contain offering the final 4 digits of the bank card on file, telephone quantity, SIM card quantity, and different info.

“We’ve got made it so rigorous that it eliminates any probability of SIM swapping. Most individuals surrender after the second or third authentication step,” Awan mentioned.

Learn extra: Social Engineering: A Plague on Crypto and Twitter, Unlikely to Cease

Maybe an important characteristic – and the final step for authorizing a change to an account – includes notarizing a letter of intent. Every person should go to a notary public to authorize a change to their service, and this notary is verified by Efani’s authorized workforce.

Even after this last step, a 7-day “cool-off” interval goes into impact earlier than the brand new SIM card may be activated. And it might’t be any outdated SIM card purchased at your native comfort retailer, both; Efani sends every account holder two encrypted SIM playing cards after they enroll with the service, and solely the backup is permitted to hold the person’s quantity if the outdated card is misplaced.

On high of those measures, Efani conducts background checks of all workers, requires multi-employee authorization to make account modifications and shops buyer info in server silos to maintain information segregated. Moreover, buyer names and telephone numbers are saved separate.

Efani’s plans are additionally insured as much as $5 million by Lloyd’s of London for any theft or information breach that…