T-Mobile NOPORT is a hidden setting that will help protect your account from SIM hijacking

tmobile-logo-large

SIM hijacking is a serious problem nowadays that involves hackers tricking a wireless carrier’s customer service into giving them control of your phone number, which they can then use for other nefarious things. Today it’s been revealed that T-Mobile has a secret tool to help combat this SIM swapping attack.

A T-Mobile feature called NOPORT aims to make it much more difficult for someone to perform a SIM swap. As discovered by Motherboard, when NOPORT is enabled on your account, T-Mo requires a customer to visit a retail store and present a government-issued photo ID in order to have their number ported to a different carrier or get a new SIM card.

T-Mobile doesn’t officially advertise this NOPORT feature, but Motherboard‘s Lorenzo Franceschi-Bicchierai was able to get it added to their account when they asked T-Mobile customer support about it. They were previously the victim of a SIM swapping attack.

T-Mobile Port Validation does add a layer of security to your account that requires a PIN or passcode on your account before your phone number can be ported out. NOPORT adds another layer of security on top of Port Validation, but it’s not known if that’s a feature that every customer can enable, and if not, which customers can get it.

When asked about the existince of NOPORT, a T-Mobile spokesperson said, “As you know, port validation is a standard security feature applied to all T-Mobile accounts through the use of a PIN/passcode. We do take other security measures, at our discretion, to protect against extreme cases of fraud. I am not able to go into other detail.”

While NOPORT isn’t guaranteed to protect your account from all attacks because a dedicated hacker could try using a fake ID or another way to circumvent it, it doesn’t hurt to have an added layer of security on your account. SIM swapping can cause major issues for anyone affected by it, and so any help in preventing that is welcome. It’s unclear how T-Mobile decides to offer NOPORT to customers, but if you’re concerned about getting SIM swapped, it could be worth asking a customer service rep to add it to your account.

Source: Motherboard

Tags: , , ,

  • riverhorse

    NOPORT plus pin sounds good, especially the latter…anyone can get fake id. Although– many, many years ago stores would auto assign birthdate as pin when opening account.

    • Since NOPORT relies on humans, I think this is weak.

      PIN is probably the best one if enforced by software.

      I.e., if PIN is simply enforced by a human, than this is really weak.

  • matt

    yeah but what about going to AT&T, verizon and sprint to port out? how does NOPORT present that? do i show my government ID to their stores? i guess you have to go to a t-mobile store, present id to have NOPORT turned off, so you can PORT OJT?

    maybe the way i read it, this NOPORT just prevents someone from doing an in network sim replacememnt???

    • SirStephenH

      “As discovered by Motherboard, when NOPORT is enabled on your account, T-Mo requires a customer to visit a retail store and present a government-issued photo ID in order to have their number ported to a different carrier or get a new SIM card.”

      The article answered your question. You have to go to a T-Mobile store to have your number ported to another carrier.

    • BobbieDooley

      They may say it’s for “Security of the account” but what it also does is enable T-Mobile to not follow the law when it comes to transferring to a new service provider.

      For every 1 “exception” to T-Mobile operating procedure, that causes a “security breach”, I imagine 10-20 legitimate customers will be stuck at a T-Mobile competitor because the customer “forgot” to disable the NOPORT security feature.

  • Mike Smith

    Exciting to see T-Mobile again leading the way. SIM jacking is a serious issue in the age of two factor identification.

  • steveb944

    My issue was new accounts being setup in a different state. Now we have a code to prevent that.

  • Guillermo Eduardo Ortega-ibarr

    This old more then a year I swap Sim a lot that’s how I find out

  • Ronin

    The real problem is the dependency on phone/sms for 2 factor authentication. That is why they are targets. In today’s world, while better than nothing, it is not enough.

  • SirStephenH

    “As discovered by Motherboard, when NOPORT is enabled on your account, T-Mo requires a customer to visit a retail store and present a government-issued photo ID in order to have their number ported to a different carrier or get a new SIM card.”

    Great, So T-Mobile can nickel and dime us with all the in-person fees it recently added.

    • JJ

      They will provide a free sim card for a damaged one and they will not charge you to port your number.

    • BobbieDooley

      Yeah, I remember T-Mobile had issued a news release about “Assisted Service” fees. These are fees which customers have to pay, so that customers avoid going to the retail stores. If the SIM card is mailed, it’s supposed to be free… But who wants to wait 3-7 days for a SIM card to be sent in the mail..?

      Must have been the result of retail employees not being paid for customer service.

  • MisterListerSir

    Still waiting for them to officially support eSIM on Android devices. I’ve got a P2XL and a Pixel 3aXL I’d love to use with eSIM…

    • Dominimmiv

      Your statement is completely unrelated to the story.

      • RealLifeJasonBourne

        Aw.. I bet he’s real sorry that he didn’t realize the forum police were on call. I’m sure he’d be happy to receive your list of Rules and Regulations that all those commenting must follow.

        …or is this actually an open forum?

  • Yonatan Ben Magen

    This is would be a perfect application for block chain verification

  • BobbieDooley

    I remember during the 2000 terrorist issues learning that IMEIs are broadcast with the SIM’s TIMSI/IMSI

    Why doesn’t T-Mobile triangulate GPS, block the phone’s IMEI; and also work on proactively reporting crimes to the police when their network is used in a fraudulent/criminal manner..?

    I mean hell, when I put my AT&T SIM in a different phone, I get a message from AT&T telling me that the IMEI on the account has been updated. Is T-Mobile aware of this technology?