Google Fi, and Mint Mobile are two MVNOs that claim to prevent again sim swapping [0][1]. Mint Mobile offers TOTP, and Google Fi is linked to your Google account, so you can add U2F/TOTP MFA.<p>However, would it still be possible for a T-Mobile retail employee to hijack a Google Fi, or Mint Mobile number? Both MVNOs use T-Mobile for their backend, but Google Fi uses US Cellular as well. There have been documented cases of retail T-Mobile employees conducting sim swaps. There has also been documented cases of Mint Mobile users getting sim swapped [2][3][4][5][6]. So, are MVNOs really not vulnerable to sim swapping? If so, is VOIP services like Google Voice the only secure alternative [7].<p>0. https://support.google.com/fi/answer/9834243<p>1. https://old.reddit.com/r/mintmobile/comments/jw21qf/how_does_mint_prevent_sim_swapping/<p>2. https://old.reddit.com/r/mintmobile/comments/113dyvi/sim_swap_a_few_days_ago_day_3_of_still_not_having/<p>3. https://old.reddit.com/r/mintmobile/comments/t4g4g3/i_just_got_sim_swapped_and_im_terrified_this_was/<p>4. https://old.reddit.com/r/mintmobile/comments/nw4gth/just_got_sim_swap_hacked/<p>5. https://old.reddit.com/r/mintmobile/comments/jw21qf/how_does_mint_prevent_sim_swapping/<p>6. https://old.reddit.com/r/GoogleFi/comments/10qes3h/at_least_one_google_fi_customer_had_accounts/<p>7. https://krebsonsecurity.com/2018/11/busting-sim-swappers-and-sim-swap-myths/
> Invulnerable to SIM Swapping?<p>As long as humans are allowed to "override" settings in the systems, none would be "invulnerable". More difficult, maybe, but not "invulnerable".<p>If a t-mobile employee with the right access to t-mobiles database can reassign a t-mobile number (even if that number is used by a MVNO) then there is always a risk that an employee can be bribed or be in on the heist.