| HN Mirror

How is this supposed to work? Efani seems to just be a MVNO, there’s no way they can protect you against attacks on the carriers they resell.

The language on the page is downright hilarious “11-Layer of Military Grade Authentication”.

It's a hybrid of MVNO and reseller & I can challenge that we can protect. Happy to give you a bounty if you're able to break into the system.

>Happy to give you a bounty if you're able to break into the system.

Yeah, the problem here is that since you’re a MVNO the easiest angle of attack would might just be to go for the big MNOs that you resell (Verizon, ATT, Sprint,Tmo). You can’t really offer bounties for such attacks, and I can’t see how you could defend against them either.

We can because due to our relationship, we control the # and they don't. We've a slightly different arrangement. Think of that you've ATT and you're roaming in Canada on Rogers network. Rogers employee can't port you out or do funny things to your account. Similarly, we're using their network but they can't access your account

You control the #, sure. But what specific technical measure prevents the carrier from associating that customer line with another sim card?

The fact that you control the # might defend against port-outs, I don’t understand how that could prevent SIM swaps though.

Carriers don't have access to the customer account. They don't even know who the customer is and our SIMs have a different serial number

during SS7 attack your phone is pushed to deprioritize to a lower network. We've programmed our SIMs against that so if SNR goes high, we don't abide to default settings. This does take out 99% of the attacks . Looking into a setting to inform customers the moment we believe there is any such attempt

xivzgrev 2280 days ago

That’s interesting - I wonder how it actually works, other than some hand wavy military technology?

I want to know how it would’ve prevented this social engineering attack

Hey - I am Haseeb Founder of Efani. So we deploy atleast 11 ways to authenticate a user over couple of weeks to make sure that this is a legitimate request + use some manual & automated processes to kill any illegal attempt

So how do you protect against attacks on your MNOs?

Sure, you can make porting difficult. That doesn’t get you very far.

Can you be more specific with your question ? All the port out are blocked by default & no have access to your account # + our UI & our system is in different silos . Finally we've a $5M insurance policy

For most users the problem is someone intercepting their text messages and then using that access to rob them. Port-outs are one way to accomplish this, but certainly not the only way.

Can you defend against sim swap attacks if your MNO is compromised, how?

Where can I read more about your insurance policy? I can’t find any specific details on your website.

I am updating the website within a week so that'll have the complete information. Just rebuilding it to aspire some more confidence in the product honestly.

We do defend against SIM swap attacks because MNOs can't access our account

gruez 2280 days ago

I'm guessing he's talking about SS7 attacks. Sure, you do everything on your side to prevent sim swaps or the numbers from being ported out, but all of those measures are moot if they're bypassed at the carrier level.

Not really SS7 attacks, it seems that this service is just built on top of regular MVNO/reseller APIs offered by the big carriers that we already know to have serious trouble with not getting hacked.

They might be able to protect you against regular port-outs, but not SIM swap attacks performed by people who’ve compromised carrier infrastructure.

I strongly recommend against Family plans because this connects your family to you which makes them vulnerable as well