That way you could target someone. You would then have to find out someone’s password through another method. If that succeeds, you could, for example, log into someone’s email account or steal bitcoin, for example.
The problem, which has now been solved, was discovered by the informant who contacted the NOS. He found that he can skip a verification step when porting a Lebara number.
The NOS then succeeded three times to transfer a telephone number that was already in the possession of the NOS to a new SIM card.
To transfer a SIM card, you need two SIM cards: the old one with the number to be transferred and a new one with a temporary number. You actually have to confirm that you have them for both SIM cards by typing a code that is sent by SMS. This should prevent you from taking over someone else’s telephone number.
But it also turned out to be possible to perform the verification twice on the new SIM card, and not once on the SIM card to be taken over. The number was then transferred without any problems, Lebara confirms. “That is of course very annoying.”
The provider immediately took the switch module off the air after reporting by the NOS and then solved the problem. “It’s a wake-up call,” said the spokesperson. “It shouldn’t be able to happen again.”