Hello, welcome to the Wednesday, March 6, 2019 edition of the San Antonio Storm Center's Stormcast.

My name is Johannes Ulrich, and I'm recording from San Francisco, California.

If you remember a while ago, NIST sort of came out with this document that SMS messages and phone calls in general should not be sort of used as a second

factor and while there are a number of reasons that they came up with this assessment one issue

that has come up with phone numbers is that via social engineering and such they sometimes can can be stolen so someone can, for example,

call customer service to add a second phone to an existing number or even move a number

to a different phone. One way this has been also done is by just porting a number to a different carrier. Now, typically if you

do this, you first have to call your existing carrier. That existing carrier will give you a

pin number, then you call the new carrier and give them this pin number in order for them

to be able to port your number. But apparently Comcast, which is selling a cell phone service under its

Xfinity brand, hasn't really paid attention here.

Instead of assigning all customers random pin numbers,

they just used the default pin of four times zero. This apparently led to multiple

customers losing their phone numbers and also losing money because with these phone numbers,

things like, for example, Samsung's wallet, were also transferred to a different phone. It's not clear if Comcast has fixed this

yet. They came up with a statement saying that they did this for the convenience of the user,

so the user doesn't have to call Comcast for us in case they would like to port the number

to a different carrier. Kind of a little bit odd because the past,

when I have ported my number,

usually the call to your originating carrier,

is then used to try to retain you.

So kind of odd that Comcast would not use this option.

...