Reply to post: Re: Bah

5G SIM-swap attacks could be even worse for industrial IoT than now

JetSetJim Silver badge

Re: Bah

This seems to be along the lines of: "black hat convinces telco to port an account from an IoT SIM to their own SIM". This means the IMSI will change, but the MSISDN (phone number) remains the same.

All the IoT user needs to do is have in their servers an IMSI authentication routine that is completely decoupled from the Telco authentication scheme - i.e. maintain your own list of IMSIs and check against that (assuming the black hat can't spoof it anyway, in which case you're screwed no matter what you do)

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

SUBSCRIBE TO OUR WEEKLY TECH NEWSLETTER

Biting the hand that feeds IT © 1998–2020