
Ask HN: Are 'trusted phone numbers' on iCloud vulnerable to the SMS swap attack? - arikr
Go to<p>https:&#x2F;&#x2F;appleid.apple.com&#x2F;<p>Then Security<p>Then Trusted phone numbers<p>My guess is yes?
======
tinus_hn
Trusted phone numbers are part of their two-factor authentication system. So
if you somehow intercept the messages you still need another factor.

It is indeed a weakness though because using one of the other factors (a
password that is reused for the account at the phone operator, an email
address that is both registered to Apple and the operator) you may, depending
on the setup, still be able to gain access to another.

~~~
arikr
Thanks, good to know that. So it at least requires the phone number and
something else - good to know.

------
frogpelt
Good question. Did you mean SIM swap?

~~~
arikr
Thanks. I suppose I mean unauthorized number porting.
[https://www.forbes.com/sites/laurashin/2016/12/21/hackers-
ar...](https://www.forbes.com/sites/laurashin/2016/12/21/hackers-are-
hijacking-phone-numbers-and-breaking-into-email-and-bank-accounts-how-to-
protect-yourself/#1857c07360f7)

