My wife and I have been customers of Freedom Mobile since the end of the year. And I have to admit that one thing that does give me cause to pause is the Freedom My Account Web Portal located at https://login.freedommobile.ca. I say that because in the age of SIM swap attacks, I question if this web portal can adequately defend against a threat actor who wanted to do either or both.
First let me explain what a SIM swap attack is. This is where a threat actor takes over the SIM card on your cell phone by porting the number from the SIM card in your phone to a SIM card inside a phone that they have control over. Why would they want to do that? Well, if you have text message based two factor authentication set up, those authentication messages will now come to the threat actor’s SIM card instead of yours. Which means that if they already have your user name to a given online account that relies on two factor authentication, you’re pwned because they can reset the password to said account to get in, assuming that they don’t already have the password. If you want an example of how bad a SIM swap attack could be, take a look at this article written by Brian Krebs on a very large scale SIM swap attack that affected 130 organizations.
Here’s a couple of examples of why SIM swap attacks are dangerous. Late last year I wrote about telephone scams from threat actors pretending to be Rogers, TELUS, or Bell, offering great deals and a new phone to the unsuspecting. But in reality, what the threat actors were doing was that they were trying to get victims to hand over the two factor authentication codes that victims got via email or text message so that they can get into the victim’s account and order a new phone for shipment overseas. Now imagine if they could just focus in on the text message group by doing a SIM swap so they don’t even need to call you to do that. Or how about this? A threat actor does a SIM swap attack and is able to get the two factor authentication codes for your bank account. Then they proceed to drain your bank account dry. Clearly these are non trivial results of a SIM swap attack, which is why the security that telcos provide to stop these attacks need to be top shelf.
Now here’s why I question if Freedom Mobile is doing enough on this front. When you go to https://login.freedommobile.ca, you see this:
Here you will be asked to enter your Freedom Mobile phone number and a four digit PIN number that you chose when you set yourself up to access this web portal. Realistically, Freedom Mobile needs to have proper accounts with proper passwords. And have a password complexity requirement. For example, all passwords need to be a minimum of eight characters with one capital letter, a number, and a special character ($%#& for example). I say that because I can see a scenario where a threat actor who tries a credential stuffing attack by trying various combinations of the PIN number to see if they can get into the account. To be fair, I have not tested this which means that I have no idea if Freedom Mobile can defend against this attack. But seeing that only four digits are in play here, if I were a threat actor, that’s what I would try first as I have “only” 9999 possibilities to work with. Which from a security perspective is pretty weak.
The other thing that Freedom Mobile should do is move away from delivering the two factor authentication via text message. I say that because of this:
Once you enter your Freedom Mobile number and enter the PIN you get to choose the phone number that you want a text message with a two factor authentication code delivered to, and confirm that phone number.
Here’s where you get to enter the security code that you get via text message.
Now I will admit that there’s a lot of hoops that a threat actor would have to hop through to pull an attack on Freedom Mobile off. But as evidenced by the Brian Krebs story, threat actors if they are motivated enough and believe that there’s value in doing so will find a way to pull this sort of attack off.
But let me hand some free advice to Freedom Mobile to help them to kill off this potential attack vector. My current bank of choice is CIBC. Their mobile app has an option to receive verification codes via push notification rather than text. So if you try to log into the CIBC website, you’ll get a push notification on your phone as long as the CIBC app is installed on your phone. That does two things. First a SIM swap attack won’t work because it’s not tied to your phone number. Second, if your phone gets stolen you can kill push notification access to that phone. Now for Freedom Mobile to do something like this, it would require them to do a real phone app rather than the one that they presently have which only replicates the exact functionality of https://login.freedommobile.ca in a mobile friendly way. But that would be something that would be a worthy endeavour in my opinion.
Now I will put it out there that I could be completely off base here and Freedom Mobile may have security measures “behind the curtain” so to speak that addresses my concerns. If they do and they are willing to go on the record about how they protect customers from this sort of attack, I’d love to hear from Freedom Mobile about this and publish a story with their response. To be clear, I don’t expect them to tell the world exactly what they are doing. But Freedom Mobile addressing these concerns would be a smart move on their part because I am sure that their customers would love to hear how they are being protected from SIM swap attacks among other threats that exist in the world in 2024.
After Christmas my wife and I made the move to Freedom Mobile from TELUS. I’ve also written about their network coverage a couple of times as well as helped a couple of people who had issues with Freedom Mobile set up their iPhones to maximize their experience on it. The only thing that was left to report on in my mind was our billing experience as from previous personal experience as well as the experience of my clients, this is where things can go badly. Now I wouldn’t call this bad as such. But I will explain why Freedom Mobile should really do a better job of explaining what will happen on their first bill among other things that I will get to in a second. Let’s start with the billing part. And let me use this breakdown to illustrate what I mean:
I’ll get to the circled part of this in a second. But going through this bill, everything up until the (Watch) section of the bill was what I was expecting. What I wasn’t expecting was a $45 connection fee for the Apple Watch. I say that because when we signed up, we were told by the Freedom Mobile staff that they would waive the connection fee for each phone. Which they did. However they didn’t tell us about the $45 connection fee for the Apple Watch. The thing is that the connection fee for the Apple Watch is easy to find on their website:
On the Freedom Mobile website, if you find the Apple Watch plan and click the question mark in the circled area, you see this:
There you will find the mention of the connection fee. Which means that it’s in Freedom Mobile’s interest to tell customers about it. And while I admit that while I am not your average person when it comes to tech, I can say that if I had signed up online I would have clicked on the question mark and read the details and said “Oh okay” and moved on with life as I would know what to expect. But we were not told about this fee at the kiosk that my wife and I went to. That in turn led to us being caught off guard when our bill arrived. No to be clear, my wife and I aren’t mad as we both know that telcos will find new and creative ways to extract money out of your pockets whenever possible. Thus this fee isn’t a shock to us. But if I were a “Joe Average” consumer, I can see a scenario where they would be mad and call into customer support to express their displeasure as they would perceive that the connection fee for the Apple Watches should have been waived as well. And I would pity the Freedom Mobile employee on the other end of that call as it likely wouldn’t be pleasant.
Now combine that all of what I wrote above with this experience that my wife and I had when we signed up for Freedom Mobile:
Now originally my wife and I went to the Sherway Gardens location as we had to do some other things in that mall. Thus it was one stop shopping. But when we started talking to the staff there, they said that Apple Watch plans are not something that Freedom Mobile offers and the only company that does is “TELUS and maybe Bell”. Even when I showed them Freedom Mobile’s website on my phone which clearly lists Apple Watch plans as an option, they denied it was even a thing.
What both of these experiences suggests to me is that Freedom Mobile needs to make sure that their employees are better equipped with a deep understanding of their product offering, as well as being able to be completely transparent about billing and expectations so 100% of customers have the best customer experience 100% of the time. I say that because from a tech perspective, I think based on what I have experienced so far that Freedom Mobile is going in the right direction. And Freedom Mobile’s pricing is on point. But the customer experience needs work. If they take care of that, the “big three” telcos may have trouble holding onto their customers.
After I posted this story, I got an email from a reader who wanted some help in terms of making sure that his iPhone would get access to Freedom Mobile’s nationwide access. In short when he was in a Freedom Mobile coverage area, everything worked fine. But the second he left a Freedom Mobile coverage area, he’d get no service. Upon learning that he had an iPhone 13, I knew what the issue was. What he needed to do is do the following on his iPhone:
Go to Settings
Go to Cellular
Click on Cellular Data Options
You’ll see this screen:
The important part here is to turn on Data Roaming. That way, if you step outside a Freedom Mobile coverage area, you’ll roam onto their nationwide network without an issue. Now if you are on Team Android, I have you covered:
Go to Settings
Select Network & Internet
Select Mobile Network
Make sure that Roaming is turned on
Another reader emailed in asking how to set up WiFi calling on her iPhone. Here’s how to do it:
Go to Settings
Go to Cellular
Click on Wi-Fi Calling
To turn it on, you have to turn on the setting “Wi-Fi Calling on This iPhone”
Once you do that, you’ll be taken to a screen where you’ll be asked to enter your home address. Do so and agree to the terms and conditions. If you’ve done everything correctly, you should see this:
If your WiFi calling screen looks like this, then you’ve done things correctly. And for those on Team Android, try these instructions:
Open the Phone app
Tap the three-dot icon on the right
Tap Settings
Tap Calls if you have a Google phone or if you run stock Android. Skip this step if you don’t.
Tap Wi-Fi calling.
Are there any other questions about Freedom Mobile that you’d like me to answer? Leave a comment or drop me an email and I’ll do my best to respond to you.
So since switching to Freedom Mobile, I’ve had the chance to do some basic speed testing of their 5G speeds. But before getting to what speeds I got, let me throw this out there. I wrote this some time ago about the fact that up to a certain point, the speed that you have doesn’t matter as nothing can really leverage that speed. So all of these telcos who are advertising how fast their mobile speeds are really doesn’t matter because nothing on your phone can leverage this speed. Having said that, I am sure that there’s a certain amount of bragging rights for a telco if they have the fastest speeds around.
Now with that out of the way, here’s what I got during my brief testing of Freedom Mobile’s speeds. This is an example of a speed test result that I got:
I also did testing in a variety of places around Toronto and got speeds as low as 47.9 Mbps downstream in downtown Toronto, and as high as 112 Mbps downstream in Central Etobicoke. And these speeds that I am seeing are more than enough to stream a video or do a video call for example. Pages on the web browser of your choice will load fast as well. Thus I doubt that you’re going to be lacking anything. And keep in mind that Freedom Mobile is in the process of expanding their 5G network over the next two years beyond their current footprint of Toronto, Vancouver, Calgary, Edmonton and surrounding areas. So while you shouldn’t purchase a product or service based on what might happen in the future, I think it’s safe to say that if I did these tests two years from now, these speeds will be faster. How much faster is still an open question though.
Finally, let me touch on coverage briefly as I am going to go down that rabbit hole after I have had a chance to do more testing. Freedom Mobile has its own 5G and 4G LTE networks. But while that coverage is in areas like the Greater Toronto Area, most of the Golden Horseshoe, and in a lot of places like Barrie, Kitchener, and the like, is still being built out for the most part. For example Peterborough and Ottawa for example have 4G LTE service only. Meanwhile Toronto and Barrie for example have 5G service. For everywhere else that isn’t covered by Freedom Mobile 5G or 4G LTE networks, the company relies on their “nationwide” network which means that Freedom Mobile customers roam onto Bell, or Rogers. You can get a look at Freedom Mobile’s coverage here. But it pays to check what their coverage in relation to where you tend to go is before you sign up to see if it will meet your needs.
So why does coverage matter? If you’re in a 5G area like I am, you’re more likely to get faster speeds than you would in a 4G LTE area, or on their “nationwide” network. But that remains to be tested. Which I will be doing over the next few days. Stay tuned for that.
So on Wednesday night we switched to Freedom Mobile. We’ve had no issues so far and I’ve done some basic testing on their 5G speed that I will report on tomorrow. But we’ve found out that we can get more for our money with a little legwork. Here’s what we were quoted when we signed up:
30GB of data in Canada and US for $34 a month for 2 years.
$10 for our Apple Watches
$4 for visual voice mail
Now relative to what we were getting from TELUS which was 6GB for $70, this was a good deal from Freedom Mobile. But it turns out that Freedom Mobile had an even better deal. They had a special on Boxing Day that gave you 50GB for the same price. And that deal was extended to the entirety of Boxing Week apparently. Now to be clear, my wife and I are extremely unlikely to burn through 50GB in a month. But seeing as it’s not costing us any more than 30GB, we figured that there is no downside here. So why not grab this deal?
Here’s how we got it.
First you need to be able to log into your Freedom Mobile account via login.freedommobile.ca. Or put another way, if you just switched over, you should make sure that you set this up immediately.
Once you log in, you’ll hit this page:
You have to make sure that you pick the right phone number in the top right if you have multiple lines. Then you need to click “Change My Plan”. That takes you to this page:
If you look at the right side of this screen shot, you’ll see the “Boxing Week Offer” of $34 a month which is normally $44 a month for 50GB of US and Canada data. Click on it and choose it. That will take you to a page that will prompt you to agree to the terms and conditions and accept these changes. If everything goes right, you’ll get a text message within 10 seconds from 611 saying that you’ve changed your plan.
Now if you’re not able to make this change via their website, you can reach out to Freedom Mobile on Twitter from 9AM to 1 AM Eastern Time, or by WhatsApp at +1-647-700-2435. Or you can Message FreedomMobile on FaceBook. Or you can do any of the following:
Dial 611 from a subscribed device on Freedom Mobile
Dial 1-877-946-3184 from any North American phone
Dial +1-647-700-2435 from any phone outside North America
NOTE: I did not see any mention of any additional charges when I did this. So I assume that there are none. But that’s an assumption and not fact. If anyone has additional insight on this, please let me know in the comments below.
You might want to hurry as I suspect by Saturday or Sunday, this deal will be gone. To be clear, I’m not shilling for Freedom Mobile. But I am interested in making sure that you get the best deal that you possibly can during this holiday season.
Here’s some inside info on how things work on this blog. My wife works with me to run this blog as I often am too busy working with my clients to get content online. So she will sometimes post stories for me. Especially if it’s breaking news. She also monitors the Twitter and Mastodon accounts and sometimes she will post stuff on those platforms as well. Recently, she had a conversation with some of her friends about how much their telco costs were, and the fact that getting a better deal from whomever your telco happens to be at that moment is next to impossible. That prompted her to post this on Twitter:
Serious question.
Why is it that Canadian telcos like @Bell , @Rogers, and @Telus value your business and give you great deals AFTER you leave them rather than while you're still with them?
So my wife took this conversation to her DM’s, and after some back and forth she got what she thought what was a commitment to get a call back from the TELUS loyalty group within three business days. The thing was that three business days passed and nothing happened. Thus she posted this:
Several days ago, @Telus said that someone would be phoning me to "go over options" to see if we can lower our bill. But that hasn't happened. That's very disappointing and I'm having my partner look at another carrier to save money. https://t.co/HNzA2cJPs6
TELUS to their credit, did try to call her twice after that was posted. Once she was in a meeting so she wasn’t able to take the call. The second time she picked up the phone but there was nobody on the other end. What made matters worse is that when she checked her voice mail, she found out that their loyalty department is outbound only as that information was in the voice mails that they left. Meaning that you can’t call them back. While I get why they do that, which is to avoid being flooded by people who want to lower their cell phone bills, it’s a #Fail as it creates this sort of situation where a customer who does want to work with a telco being unable to get in touch with said telco. Thus the customer left frustrated and starts seeking other options as a result. And that’s when she highlighted to me what our cell phone bill was with TELUS:
Each of our iPhones cost us $70 a month and that gave us 6GB of data.
Each iPhone has Visual Voicemail which costs $5 a month.
Each of our Apple Watches were $10 a month with a bonus of 1GB of data.
So the net result was $85 a month for each our phones with TELUS. That isn’t cheap, and we don’t get a lot for our money seeing as we were only getting 6 – 7 GB of data. That started a discussion between us as to where we could save money. Because let’s be honest. Everything is more expensive these days. Which means that people are going to look to save money wherever they can. And if Canadian telcos were smart, they would work to help their customers to save money rather than have them bolt to another carrier and then have to try to get them back later. Now I get why telcos do this. Their shareholders only care about churn (the number of people who leave a telco which should be less than 1% per quarter), average revenue per user, and the number of customers a telco acquires in a given quarter. The retention of customers isn’t top of mind with telcos unless their churn rate skyrockets. But I would argue this. The best customer for a telco to have is the one they currently have because they already have them. And if it costs them a couple of bucks via a better deal to keep them, then that is a better option in my mind versus having them leave and either offer a “winback” deal to get that customer back, or acquiring a new customer from another telco via a promotional offer of some sort to entice them to switch.
Now all of this sounds like we’re trashing TELUS. The fact is that we’ve had no problems with them to speak of in terms of service. As in being able use our iPhones and Apple Watches when we need to and where we need to. And the very few times we’ve called them, the customer service has been great. But the fact is that my wife and I simply need to pay less for our cell phone service. And clearly there are better deals out there to be had.
Enter Freedom Mobile.
Now we were willing to give Freedom Mobile a shot because there was zero chance we were going back to Rogers due to their massive outage that basically took down the country in 2022. And we were never going to bundle all of our services with Bell because we want diversity with our telco services. In other words, some of our services with one telco, and other services with another telco. That way if a Rogers type situation happens again, something should still work. Thus Freedom Mobile got a serious look from us. And they had a deal during boxing week that got our attention. Which was this:
30GB of data in Canada and US for $34 a month for 2 years.
$10 for our Apple Watches
$4 for visual voice mail
That’s $48 a month for each of our phones and Apple Watches. A net savings of $41 a month for each of us. And we get more for the money we do spend with Freedom Mobile in terms of far more data. After doing some research in terms of coverage and service quality on Reddit, we felt comfortable enough to pull the trigger on this. Yes we’d likely have to revisit this in two years, but that’s not a today problem. Saving money is today’s problem.
PRO TIP: If you’re going to pull the trigger on Freedom Mobile, your best bet is to go to a corporate location to get the best service based on the research that I did on Reddit. Now I will say that this isn’t 100% guaranteed as I will illustrate in a moment. But it’s truly your best bet as the consensus on Reddit is that dealership stores which may display Freedom Mobile signage aren’t owned by Freedom Mobile. Thus they apparently have been known to play fast and loose with the truth to make a sale.
Type in your location. Then on the left side, where the location results are, choose “warranty and repair”. That will isolate all the corporate stores as evidenced by this screenshot:
Now originally my wife and I went to the Sherway Gardens location as we had to do some other things in that mall. Thus it was one stop shopping. But when we started talking to the staff there, they said that Apple Watch plans are not something that Freedom Mobile offers and the only company that does is “TELUS and maybe Bell”. Even when I showed them Freedom Mobile’s website on my phone which clearly lists Apple Watch plans as an option, they denied it was even a thing. Thus we left and went to the Cloverdale Mall location. Which is where I posted this to Twitter:
Hey @FreedomMobile some free advice. The staff at yes Sherway Gardens location claims that you don’t offer Apple Watch plans. I know that’s not true and if we weren’t determined to leave @telus we would have pulled the plug. Instead we went to another location and it worked out.
Anyway, when we worked with the staff at the Freedom Mobile kiosk at Cloverdale Mall, they really worked with us to make sure that we understood everything before we did anything. And within 20 minutes, we had an account set up as well as two SIM cards. We went home and less than one hour after we got home our numbers were ported over from TELUS as we were notified of that via a text message that we got shortly after we inserted our Freedom Mobile SIM cards into our respective phones. At that point we were able to create an online account where we were able to add visual voice mail. Then we were able to use the Watch app on our iPhones to add a Freedom Mobile plan to our Apple Watches. Finally, we enabled WiFi calling on our phones to give more robust options in terms of cell coverage when we are on WiFi in an area with limited cell coverage.
Total time invested including driving from home to Sherway Gardens, then to Cloverdale Mall, then to home to finish setting up everything: Just under 2 hours
Other than the staff at the Freedom Mobile kiosk at Sherway Gardens who clearly didn’t have a clue about Freedom Mobile’s offerings, the process was pain free. One bonus is that Freedom Mobile waived our connection fees. That’s an extra $90 that we’re saving.
Now I really have to do some testing on Freedom Mobile’s coverage. But the thing that I noticed right off the top was that we were getting a strong 5G signal inside our condo. This was never the case with TELUS. I’ll be interested to see how that translates into coverage and speed in the areas that I travel. Thus I’ll spend the next few days doing some testing this with my iPhone 14 Pro and let you know what I find out. I’ll also report back on any issues that we have as I’m typing this less than 24 hours after we made the switch. While we’ve had no issues so far, it is possible that we might come across something negative (or positive for that matter) that is worth reporting on. Stay tuned for that as well. And if you have any questions on our experience, drop us a comment and we’ll do our best to answer them.
If you’re on Freedom Mobile here in Canada, and you have an Android phone, there is a super dangerous text message that you need to be aware of. Here’s the text message in question:
Now what’s dangerous about this message is if you click the link, you will be prompted to download and Android .APK file and give it all sorts of permissions. If you do that, it will not end well for you because the .APK file in question looks like this on Virus Total:
In short, a lot of the antivirus sites detect this as malware that likely does all sorts of nasty things to your Android phone. And what’s really crafty about this is if you try to access this website from anything other than an Android phone, it will not download the payload as it checks the browser that you’re using. Thus it evades detection for a longer period of time.
Here’s some quick facts: Freedom Mobile, nor any other carrier will ask you to download a software update of any sort to “continue to use your services”. Thus if you get a text like this, you need to delete it ASAP and not click on any links. Nor should you install anything if prompted. And if you’re on an Android phone, this reinforces that you need to be super careful of what you install. Because it doesn’t take much to get pwned by a threat actor.
Speaking of this threat actor, it’s clear that this is someone who on the surface appears to be skilled and is likely to target Bell, Rogers, and TELUS customers next when their luck with Freedom Mobile runs out. So customers of all phone carriers need to be aware of this as it is highly likely that this is coming for you next.
Canadians don’t need a second telco to have an outage. But apparently, Freedom Mobile who is owned by Shaw Communications is had an outage on Friday as confirmed by this Tweet:
However a quick look at Down Detector‘s outage map for Freedom Mobile shows that it was likely bigger than Souther Ontario.
From what I can tell, this started around 1PM on Friday and is resolved as I type this. But what makes matters worse from an optics perspective, Rogers who took a nationwide dirt nap on Friday in epic fashion wants to buy Shaw Communications. This is truly one of those situations where the jokes just write themselves. Though for those Freedom Mobile customers who were affected by this outage, it’s no joke.
Canadian telcos have to realize that they are under a microscope right now because of what happened on Friday as members of the media like yours truly are just waiting to pounce on any mis-step that they make.
News surfaced last night that Rogers and Shaw have cut a deal with Quebecor to sell the latter Freedom Mobile so that it hopefully the Canadian Government will approve the merger between Rogers and Shaw:
Under the terms of the Divestiture Agreement, Quebecor has agreed to buy Freedom on a cash-free, debt-free basis at an enterprise value of C$2.85 billion, expanding Quebecor’s wireless operations nationally. The Divestiture Agreement provides for the sale of all of Freedom branded wireless and Internet customers as well as all of Freedom’s infrastructure, spectrum and retail locations. It also includes a long-term undertaking by Shaw and Rogers to provide Quebecor transport services (including backhaul and backbone) and roaming services. The parties will work expeditiously and in good faith to finalize definitive documentation.
As Freedom’s new owner, Quebecor will bring a strong operational track record, a history of competing vigorously and successfully in telecommunications services, including its wireless brands in Quebec and Eastern Ontario, and significant financial and spectrum resources to enable an expedient path to the next evolution of 5G technology for Freedom.
“Our agreement with Quebecor to divest Freedom is a critical step towards completing our proposed merger with Shaw. We strongly believe the divestiture will meet the Government of Canada’s objective of a strong and sustainable fourth wireless services provider,” said Tony Staffieri, President and CEO of Rogers. “This agreement between proven cable and wireless companies will ensure the continuation of a highly competitive market with robust future investments in Canada’s world class networks. We look forward to securing the outstanding regulatory approvals for our merger with Shaw so that we can deliver significant long-term benefits to Canadian consumers, businesses and the economy.”
I’m not so sure about that. While Quebecor has made life miserable for Rogers, Bell, and Telus within the province of Quebec, I seriously doubt that they’d be willing to do the same thing outside of Quebec. Which means that consumers won’t benefit. In my opinion, what really needed to happen is that Freedom Mobile needed to sold to a company who would commit to lowering prices and committing to competing against the big three telcos. That didn’t happen here and Canadians lose as a result.
This isn’t a good look for Rogers, Bell, Freedom Mobile, TELUS and a few other telcos. According to BleepingComputer, Microsoft has found some serious vulnerabilities in Android apps that they distribute:
The vulnerable apps have millions of downloads on Google’s Play Store and come pre-installed as system applications on devices bought from affected telecommunications operators, including AT&T, TELUS, Rogers Communications, Bell Canada, and Freedom Mobile.
“The apps were embedded in the devices’ system image, suggesting that they were default applications installed by phone providers,” according to security researchers Jonathan Bar Or, Sang Shin Jung, Michael Peck, Joe Mansour, and Apurva Kumar of the Microsoft 365 Defender Research Team.
“All of the apps are available on the Google Play Store where they go through Google Play Protect’s automatic safety checks, but these checks previously did not scan for these types of issues.
“As it is with many of pre-installed or default applications that most Android devices come with these days, some of the affected apps cannot be fully uninstalled or disabled without gaining root access to the device.”
Well, that’s not good. But these apps have been fixed. Sort of. Microsoft reached out to the relevant parties and these vulnerabilities were fixed. But the at-risk framework is likely used by numerous other service providers who may still have apps out there that aren’t fixed. Which means that threat actors can still launch attacks.
To protect yourself, search for the package name com.mce.mceiotraceagent on you Android device. If you find it, delete it ASAP if you can. I say that because you might need root access to delete it.
I Question The Security Of Freedom Mobile’s Freedom My Account Web Portal
Posted in Commentary with tags Freedom Mobile on February 1, 2024 by itnerdMy wife and I have been customers of Freedom Mobile since the end of the year. And I have to admit that one thing that does give me cause to pause is the Freedom My Account Web Portal located at https://login.freedommobile.ca. I say that because in the age of SIM swap attacks, I question if this web portal can adequately defend against a threat actor who wanted to do either or both.
First let me explain what a SIM swap attack is. This is where a threat actor takes over the SIM card on your cell phone by porting the number from the SIM card in your phone to a SIM card inside a phone that they have control over. Why would they want to do that? Well, if you have text message based two factor authentication set up, those authentication messages will now come to the threat actor’s SIM card instead of yours. Which means that if they already have your user name to a given online account that relies on two factor authentication, you’re pwned because they can reset the password to said account to get in, assuming that they don’t already have the password. If you want an example of how bad a SIM swap attack could be, take a look at this article written by Brian Krebs on a very large scale SIM swap attack that affected 130 organizations.
Here’s a couple of examples of why SIM swap attacks are dangerous. Late last year I wrote about telephone scams from threat actors pretending to be Rogers, TELUS, or Bell, offering great deals and a new phone to the unsuspecting. But in reality, what the threat actors were doing was that they were trying to get victims to hand over the two factor authentication codes that victims got via email or text message so that they can get into the victim’s account and order a new phone for shipment overseas. Now imagine if they could just focus in on the text message group by doing a SIM swap so they don’t even need to call you to do that. Or how about this? A threat actor does a SIM swap attack and is able to get the two factor authentication codes for your bank account. Then they proceed to drain your bank account dry. Clearly these are non trivial results of a SIM swap attack, which is why the security that telcos provide to stop these attacks need to be top shelf.
Now here’s why I question if Freedom Mobile is doing enough on this front. When you go to https://login.freedommobile.ca, you see this:
Here you will be asked to enter your Freedom Mobile phone number and a four digit PIN number that you chose when you set yourself up to access this web portal. Realistically, Freedom Mobile needs to have proper accounts with proper passwords. And have a password complexity requirement. For example, all passwords need to be a minimum of eight characters with one capital letter, a number, and a special character ($%#& for example). I say that because I can see a scenario where a threat actor who tries a credential stuffing attack by trying various combinations of the PIN number to see if they can get into the account. To be fair, I have not tested this which means that I have no idea if Freedom Mobile can defend against this attack. But seeing that only four digits are in play here, if I were a threat actor, that’s what I would try first as I have “only” 9999 possibilities to work with. Which from a security perspective is pretty weak.
The other thing that Freedom Mobile should do is move away from delivering the two factor authentication via text message. I say that because of this:
Once you enter your Freedom Mobile number and enter the PIN you get to choose the phone number that you want a text message with a two factor authentication code delivered to, and confirm that phone number.
Here’s where you get to enter the security code that you get via text message.
Now I will admit that there’s a lot of hoops that a threat actor would have to hop through to pull an attack on Freedom Mobile off. But as evidenced by the Brian Krebs story, threat actors if they are motivated enough and believe that there’s value in doing so will find a way to pull this sort of attack off.
But let me hand some free advice to Freedom Mobile to help them to kill off this potential attack vector. My current bank of choice is CIBC. Their mobile app has an option to receive verification codes via push notification rather than text. So if you try to log into the CIBC website, you’ll get a push notification on your phone as long as the CIBC app is installed on your phone. That does two things. First a SIM swap attack won’t work because it’s not tied to your phone number. Second, if your phone gets stolen you can kill push notification access to that phone. Now for Freedom Mobile to do something like this, it would require them to do a real phone app rather than the one that they presently have which only replicates the exact functionality of https://login.freedommobile.ca in a mobile friendly way. But that would be something that would be a worthy endeavour in my opinion.
Now I will put it out there that I could be completely off base here and Freedom Mobile may have security measures “behind the curtain” so to speak that addresses my concerns. If they do and they are willing to go on the record about how they protect customers from this sort of attack, I’d love to hear from Freedom Mobile about this and publish a story with their response. To be clear, I don’t expect them to tell the world exactly what they are doing. But Freedom Mobile addressing these concerns would be a smart move on their part because I am sure that their customers would love to hear how they are being protected from SIM swap attacks among other threats that exist in the world in 2024.
2 Comments »