Dangers of moving mobile networks and keeping your number.

Moonwolf

dcman said:

Anyone porting their number to any other mobile network shoudl read the SPUSU-EXCEPTIONAALY DANGEROUS RISK - item as the riks highlighted there is VERY real from all the networks

That is one of the threads that prompted this question. 

Phones4Chris

dcman said:

Anyone porting their number to any other mobile network shoudl read the SPUSU-EXCEPTIONAALY DANGEROUS RISK - item as the riks highlighted there is VERY real from all the networks

@dcman NO they are NOT. You can leave people with the completely wrong impression when you don't bother to repeat the advice that you've already been given - TWICE! I've PAC'd numbers several times over the years between multiple MNOs/MNVOs without any problems. And the other thing you shouldn't do is cancel your old provider - the PAC when completed does that. @Moonwolf take note -
Here's the advice again - which clearly needs repeating time and time again for everyone to be aware

1) that I mentioned 

Phones4Chris said:

O2, nor any provider have the right to stop your number immediately because you requested a PAC !!

One thing you should do, is wait until you get your new sim from your new provider, check it works, coverage ok etc. THEN PAC your number to it.

BUT 2) Also the reply you had in your original thread was the same advice

flaneurs_lobster said:

Short version.

Regardless of who your new operator is:

When you order a new SIM don't input a PAC from the old service.

Wait until the new SIM has been delivered, put it into a phone and check that the service is working satisfactorily.

Then give the PAC to the new service operators.

Phones4Chris

Moonwolf said:

flaneurs_lobster said:

Phones4Chris said:

Don't like Authenticator Apps for the simple reason they contain the fact that your have a particular account. With a Text at least you can delete that after the verification and no-one is any the wiser that you have a particular account if they get your phone.

Authenticator Apps (at least the ones I use) have biometric protection before you can see any details or use them.

Yes, and at least on the iPhone you can press and hold down the app icon and choose “Require Face Id” to force it if it isn’t built in.

With the default configuration on many phones it is possible to read texts from the lock screen so theft of a locked phone can make you vulnerable. With require face id even the theft of an unlocked phone they cannot access the authenticator app unless they have your PIN or apple id password.

I did say With a Text at least you can delete that after the verification and no-one is any the wiser that you have a particular account if they get your phone so your scenario doesn't apply!
I presume you also think phones can't ever be hacked, I prefer not to take the risk at all.

Frozen_up_north

Do not call O2 asking for a PAC, no need. Follow the advice of the regulator and  text ‘PAC’ to 65075 to begin the process.

https://www.ofcom.org.uk/phones-and-broadband/switching-provider/switching-mobile-phone-provider

Moonwolf

Phones4Chris said:

Moonwolf said:

flaneurs_lobster said:

Phones4Chris said:

Don't like Authenticator Apps for the simple reason they contain the fact that your have a particular account. With a Text at least you can delete that after the verification and no-one is any the wiser that you have a particular account if they get your phone.

Authenticator Apps (at least the ones I use) have biometric protection before you can see any details or use them.

Yes, and at least on the iPhone you can press and hold down the app icon and choose “Require Face Id” to force it if it isn’t built in.

With the default configuration on many phones it is possible to read texts from the lock screen so theft of a locked phone can make you vulnerable. With require face id even the theft of an unlocked phone they cannot access the authenticator app unless they have your PIN or apple id password.

I did say With a Text at least you can delete that after the verification and no-one is any the wiser that you have a particular account if they get your phone so your scenario doesn't apply!
I presume you also think phones can't ever be hacked, I prefer not to take the risk at all.

Balance of risks.

Because I use face id I don’t input my pin often, that makes it less of a hassle to have a complex pin, I am less likely to be shoulder surfed because I almost never enter it and I have a very short auto lock time. This makes it quite unlikely someone can get access to my phone in an unlocked state without hacking it.

It looks like the commonest attacks now are theft of unlocked phones, theft of phones when the passcode has been spied; and SIM swap fraud where someone manages to get a SIM with your number and then intercept texts. SIM swap fraud is the worst because it is out of your control, it depends on your mobile provider security.

I haven’t seen a story of a locked iPhone being hacked to steal from someone’s bank other than the use of biometrics of drugged or stolen phone PINs. The Pegasus spyware which was allegedly created by Israel was targeted at high value individuals, not a nobody like me with an average end of month balance of £50 and seems to have been used to get secrets not steal money. Face id on iphones and high end Android phones can’t be tricked by photographs.

Phones4Chris

@Moonwolf Not everyone can afford (or want) iPhones or "high-end" Android phones. So simple basic security is always a good idea (whatever your phone).

JSmithy45AD

Moonwolf said:

Phones4Chris said:

Moonwolf said:

flaneurs_lobster said:

Phones4Chris said:

Don't like Authenticator Apps for the simple reason they contain the fact that your have a particular account. With a Text at least you can delete that after the verification and no-one is any the wiser that you have a particular account if they get your phone.

Authenticator Apps (at least the ones I use) have biometric protection before you can see any details or use them.

Yes, and at least on the iPhone you can press and hold down the app icon and choose “Require Face Id” to force it if it isn’t built in.

With the default configuration on many phones it is possible to read texts from the lock screen so theft of a locked phone can make you vulnerable. With require face id even the theft of an unlocked phone they cannot access the authenticator app unless they have your PIN or apple id password.

I did say With a Text at least you can delete that after the verification and no-one is any the wiser that you have a particular account if they get your phone so your scenario doesn't apply!
I presume you also think phones can't ever be hacked, I prefer not to take the risk at all.

Balance of risks.

Because I use face id I don’t input my pin often, that makes it less of a hassle to have a complex pin, I am less likely to be shoulder surfed because I almost never enter it and I have a very short auto lock time. This makes it quite unlikely someone can get access to my phone in an unlocked state without hacking it.

It looks like the commonest attacks now are theft of unlocked phones, theft of phones when the passcode has been spied; and SIM swap fraud where someone manages to get a SIM with your number and then intercept texts. SIM swap fraud is the worst because it is out of your control, it depends on your mobile provider security.

I haven’t seen a story of a locked iPhone being hacked to steal from someone’s bank other than the use of biometrics of drugged or stolen phone PINs. The Pegasus spyware which was allegedly created by Israel was targeted at high value individuals, not a nobody like me with an average end of month balance of £50 and seems to have been used to get secrets not steal money. Face id on iphones and high end Android phones can’t be tricked by photographs.

Serious question, but if you have an average end of month £50 balance, why have an iPhone?

Moonwolf

JSmithy45AD said:

Moonwolf said:

Phones4Chris said:

Moonwolf said:

flaneurs_lobster said:

Phones4Chris said:

Don't like Authenticator Apps for the simple reason they contain the fact that your have a particular account. With a Text at least you can delete that after the verification and no-one is any the wiser that you have a particular account if they get your phone.

Authenticator Apps (at least the ones I use) have biometric protection before you can see any details or use them.

Yes, and at least on the iPhone you can press and hold down the app icon and choose “Require Face Id” to force it if it isn’t built in.

With the default configuration on many phones it is possible to read texts from the lock screen so theft of a locked phone can make you vulnerable. With require face id even the theft of an unlocked phone they cannot access the authenticator app unless they have your PIN or apple id password.

I did say With a Text at least you can delete that after the verification and no-one is any the wiser that you have a particular account if they get your phone so your scenario doesn't apply!
I presume you also think phones can't ever be hacked, I prefer not to take the risk at all.

Balance of risks.

Because I use face id I don’t input my pin often, that makes it less of a hassle to have a complex pin, I am less likely to be shoulder surfed because I almost never enter it and I have a very short auto lock time. This makes it quite unlikely someone can get access to my phone in an unlocked state without hacking it.

It looks like the commonest attacks now are theft of unlocked phones, theft of phones when the passcode has been spied; and SIM swap fraud where someone manages to get a SIM with your number and then intercept texts. SIM swap fraud is the worst because it is out of your control, it depends on your mobile provider security.

I haven’t seen a story of a locked iPhone being hacked to steal from someone’s bank other than the use of biometrics of drugged or stolen phone PINs. The Pegasus spyware which was allegedly created by Israel was targeted at high value individuals, not a nobody like me with an average end of month balance of £50 and seems to have been used to get secrets not steal money. Face id on iphones and high end Android phones can’t be tricked by photographs.

Serious question, but if you have an average end of month £50 balance, why have an iPhone?

I think iPhones are good value, over the last few years they have kept security updates for at least 6 years, and still work pretty well at 6 years old. Having worked on a project using soft certificates to authenticate to a secure application running on iOS I like the security model.

Also, I don’t have a lot of wealth but I.m certainly not skint.