AT&T Launches Wireless Account Lock to Prevent SIM Swap Attacks

Move is aimed at curbing a form of abuse that costs subscribers dearly.
By Dan Goodin – Jul 2, 2025
Introduction
After years of lagging behind competitors, AT&T has rolled out Wireless Account Lock, a new security feature designed to stop unauthorized SIM changes and port-outs. The service is a direct response to a surge in SIM swapping and port-out fraud, which have cost consumers and enterprises millions of dollars in stolen digital assets and personal data.
How SIM Swapping Works
SIM swapping exploits the way mobile operators authenticate subscribers when porting numbers or replacing SIM cards. Attackers typically:
- Gather personal data via phishing, data breaches, or social engineering.
- Contact the carrier posing as the victim and request a SIM replacement or port-out.
- Bypass weak authentication using outdated PINs, caller ID spoofing, or bribed insiders.
- Trigger two-factor reset on financial accounts, seizing control of emails, crypto wallets, and banking apps.
In 2024, federal prosecutors charged operators of a SIM swap ring that siphoned off over $400 million in cryptocurrency by intercepting one-time passwords delivered via SMS.
Wireless Account Lock: Technical Specifications
- Activation: Users enable the lock in the myAT&T app under Security Settings > Wireless Account Lock. The toggle requires biometric confirmation or a strong password to disable.
- Protocol Integration: The lock leverages AT&T’s proprietary API gateway, inserting an additional authentication step in the Home Location Register (HLR) and Home Subscriber Server (HSS) queries before provisioning a new SIM IMSI.
- Attack Surface Reduction: By freezing changes at the HLR level, the feature prevents SS7-based port-out commands and guards against STIR/SHAKEN bypasses.
- Audit Logging: Each lock/unlock event is time-stamped and forwarded to a Security Information and Event Management (SIEM) system for anomaly detection, enabling rapid incident response.
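The kind of correlation a SIEM could run over the lock/unlock audit events described above, as an added example that is not AT&T's code: it flags a provisioning request that arrives while the lock is on, and an unlock followed shortly by a SIM change or port-out request. The event names, field names and 30-minute window are assumptions, and the sample events are constructed.

```python
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=30)  # assumed correlation window
PROVISIONING = {"sim_change_request", "port_out_request"}

# Constructed sample events; field names are assumptions, not an AT&T log schema.
EVENTS = [
    {"ts": "2025-07-02T09:00:00", "account": "A1", "event": "lock"},
    {"ts": "2025-07-02T14:05:00", "account": "A1", "event": "unlock"},
    {"ts": "2025-07-02T14:12:00", "account": "A1", "event": "sim_change_request"},
    {"ts": "2025-07-02T10:00:00", "account": "B2", "event": "lock"},
    {"ts": "2025-07-02T11:30:00", "account": "B2", "event": "port_out_request"},
    {"ts": "2025-07-01T08:00:00", "account": "C3", "event": "unlock"},
    {"ts": "2025-07-02T16:00:00", "account": "C3", "event": "sim_change_request"},
]

def correlate(events, window=WINDOW):
    """Return (account, rule, timestamp) alerts from lock/unlock and provisioning events."""
    alerts = []
    locked = {}       # account -> current lock state
    last_unlock = {}  # account -> time of the most recent unlock
    for ev in sorted(events, key=lambda e: e["ts"]):  # ISO timestamps sort as text
        ts = datetime.fromisoformat(ev["ts"])
        acct, kind = ev["account"], ev["event"]
        if kind == "lock":
            locked[acct] = True
        elif kind == "unlock":
            locked[acct] = False
            last_unlock[acct] = ts
        elif kind in PROVISIONING:
            if locked.get(acct):
                # The lock should have blocked this request: possible bypass attempt.
                alerts.append((acct, "provisioning_while_locked", ev["ts"]))
            elif acct in last_unlock and ts - last_unlock[acct] <= window:
                # Unlock immediately followed by a SIM change matches the takeover pattern.
                alerts.append((acct, "unlock_then_provisioning", ev["ts"]))
    return alerts

if __name__ == "__main__":
    for alert in correlate(EVENTS):
        print(alert)
```

Account C3 produces no alert because its unlock happened more than a day before the SIM change request.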
Comparison with T-Mobile and Verizon
- T-Mobile’s Account Lock: Offers a PIN-based freeze but lacks biometric deactivation and real-time SIEM integration.
- Verizon’s Number Lock: Requires customers to visit a retail store or call customer service with ID verification, which adds friction but provides a stronger identity-proofing step.
Regulatory and Industry Context
In 2023, the Federal Communications Commission (FCC) mandated stricter subscriber authentication for port-outs, including:
- Requiring passcodes instead of billing ZIP codes.
- Mandating multi-factor identity proofing for high-risk accounts.
- Encouraging carriers to adopt STIR/SHAKEN verification to reduce call spoofing.
Despite these rules, enforcement has been uneven, prompting carriers to innovate with in-house solutions like Wireless Account Lock.
Expert Perspectives
“Implementing biometric deactivation and SIEM alerts significantly raises the bar for attackers. It’s a much-needed evolution over simple PIN locks,” said Dr. Irene Liu, cybersecurity researcher at the Telecom Security Lab.
“This feature, combined with real-time AI-driven fraud detection models, could reduce port-out fraud by up to 80%,” noted Raj Patel, VP of Security Engineering at SecureWave.
Future Challenges and Recommendations
- Insider Threats: Carriers must continuously audit employee actions and apply strict access controls to provisioning platforms.
- AI-Driven Social Engineering: As AI-generated deepfakes improve, voice and video verification will become critical.
- Standardization: Industry-wide adoption of zero-trust principles for SIM provisioning could harmonize security across carriers.
Additional Analysis
1. Impact on Corporate and IoT Subscribers
AT&T’s Business Wireless Account Lock integrates with Mobile Device Management (MDM) platforms, allowing IT administrators to enforce SIM locks on corporate devices. This is particularly important for IoT deployments in utilities and manufacturing, where compromised SIMs can disrupt critical services.
2. AI & Machine Learning in Fraud Detection
Carriers are increasingly employing machine-learning algorithms to detect anomalous provisioning requests. Models ingest metadata such as request time, geolocation changes, and device fingerprinting to assign a fraud risk score. High-risk transactions trigger additional out-of-band verifications (e.g., push notifications to a pre-registered device).
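A fixed-weight scoring rule standing in for the machine-learning model described above, as an added example that is not any carrier's code: it scores a provisioning request on the three signals named (request time, geolocation change, device fingerprint) and routes high scores to an out-of-band push. The weights, thresholds and field names are assumptions, and the sample profile and requests are constructed.

```python
import math
from datetime import datetime

def km_between(a, b):
    """Great-circle distance in km between two (lat, lon) points (haversine)."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * 6371 * math.asin(math.sqrt(h))

def risk_score(req, profile):
    """Score a provisioning request 0-100 from the three signals; weights are assumed."""
    score = 0
    ts = datetime.fromisoformat(req["ts"])
    # Request time: outside the hours this subscriber normally uses the account.
    if ts.hour not in profile["usual_hours"]:
        score += 20
    # Geolocation change: speed implied by the jump from the last known location.
    hours = (ts - datetime.fromisoformat(profile["last_seen_ts"])).total_seconds() / 3600
    km = km_between(profile["last_seen_loc"], req["loc"])
    if km > 50 and km / max(hours, 0.01) > 900:  # faster than a commercial flight
        score += 45
    # Device fingerprint: request comes from a device never seen on the account.
    if req["device_fp"] not in profile["known_devices"]:
        score += 35
    return score

def decide(req, profile, step_up_at=50):
    """High-risk requests get an out-of-band push to the pre-registered device."""
    return "step_up_push" if risk_score(req, profile) >= step_up_at else "allow"

# Constructed sample data: one subscriber profile and two provisioning requests.
PROFILE = {"usual_hours": range(7, 23), "last_seen_ts": "2025-07-02T13:00:00",
           "last_seen_loc": (32.78, -96.80), "known_devices": {"fp-phone-1"}}
ROUTINE = {"ts": "2025-07-02T15:00:00", "loc": (32.90, -96.75), "device_fp": "fp-phone-1"}
SUSPECT = {"ts": "2025-07-02T14:00:00", "loc": (51.51, -0.13), "device_fp": "fp-unknown"}

if __name__ == "__main__":
    for name, req in (("routine", ROUTINE), ("suspect", SUSPECT)):
        print(name, risk_score(req, PROFILE), decide(req, PROFILE))
```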
3. Global Adoption Trends
European carriers have led in mandatory eID-based SIM registration since 2019, reducing port-out incidents by 60% in the EU. U.S. operators could benefit by integrating federal e-ID frameworks once they become available.
Conclusion
AT&T’s Wireless Account Lock represents a significant step forward in the battle against SIM swap fraud. By combining biometric gating, HLR-level freezes, and SIEM integration, the carrier aligns with FCC mandates and raises the industry standard. However, ongoing vigilance against insider abuse, AI-driven social engineering, and regulatory evolution will be crucial to maintain momentum.