Encrypted messaging apps like Signal and Telegram are trusted by hundreds of millions of users worldwide to deliver messages in a relatively secure manner. While apps like Signal are typically well regarded for their encrypted messaging, they are architected with a security Achilles heel — their reliance on insecure phone numbers.
Signal and Telegram users are currently vulnerable to SIM-swap attacks because they’re using traditional telco phone numbers. In Signal, if you ever see a message that says “Safety number with name changed,” you have no way of knowing whether this was done intentionally by the person you think you’re messaging, or the result of a bad actor.
When a user registers for a service like Signal, they start by entering their phone number. Signal then sends a SMS message to that phone number with an access code. To complete the registration process, a user includes the access code they received by text message into the Signal app. The risk here is that when a hacker performs a SIM-Swap attack, the hacker convinces the phone company to route messages for that phone number to the hackers phone. This then allows the hacker to become the owner of the Signal account associated with your phone number.
Because this verification process is performed when someone registers a new phone with an existing phone number in Signal without first properly transferring the number, it is impossible to distinguish whether this action was done by the existing number owner or by a hacker executing a SIM-swap attack. Unfortunately most users are notorious for ignoring messages like this.
How Does 3NUM Remove This Security Risk?
When using an 3NUM instead of a traditional phone number on Signal or Telegram, these communications transmit over data networks, so there is no SIM card associated with your number to compromise. When a legacy phone number (e.g. +1–555–1212) sends a message to a user that has an 3NUM, it is sent to the 3NUM Relay Servers, then encrypted and sent to the owner of the 3NUM. With this approach, you can say goodbye to SIM-swap attacks.
You can read more about how this works here (bridge to sms article)
We are building towards a future where current phone number vulnerabilities become a thing of the past while we simultaneously transition the current 5.1 billion phone users into web3.
Join our Discord Server here: https://discord.gg/cxFU8NvCYV
Follow us on Twitter here: https://twitter.com/3numdao
Stay up to date with our newsletter: 3num.co