[ryanlol]

How is this supposed to work? Efani seems to just be a MVNO, there’s no way they can protect you against attacks on the carriers they resell.

The language on the page is downright hilarious “11-Layer of Military Grade Authentication”.

[ahaseeb]

It's a hybrid of MVNO and reseller & I can challenge that we can protect. Happy to give you a bounty if you're able to break into the system.

[ryanlol]

>Happy to give you a bounty if you're able to break into the system.

Yeah, the problem here is that since you’re a MVNO the easiest angle of attack would might just be to go for the big MNOs that you resell (Verizon, ATT, Sprint,Tmo). You can’t really offer bounties for such attacks, and I can’t see how you could defend against them either.

[ahaseeb]

We can because due to our relationship, we control the # and they don't. We've a slightly different arrangement. Think of that you've ATT and you're roaming in Canada on Rogers network. Rogers employee can't port you out or do funny things to your account. Similarly, we're using their network but they can't access your account

[ryanlol]

You control the #, sure. But what specific technical measure prevents the carrier from associating that customer line with another sim card?

The fact that you control the # might defend against port-outs, I don’t understand how that could prevent SIM swaps though.

[ahaseeb]

Carriers don't have access to the customer account. They don't even know who the customer is and our SIMs have a different serial number

[ahaseeb]

during SS7 attack your phone is pushed to deprioritize to a lower network. We've programmed our SIMs against that so if SNR goes high, we don't abide to default settings. This does take out 99% of the attacks . Looking into a setting to inform customers the moment we believe there is any such attempt