SIM Swap Attacks are making SMS Two-Factor Authentication Obsolete

guest · Jan 20, 2020

Sim swap attacks making two-factor authentication via smartphones obsolete
January 20, 2020
https://www.scmagazineuk.com/sim-sw...tion-via-smartphones-obsolete/article/1671302

Two-factor authentication is easily thwarted by social engineering hence Sim swap attacks risk making 2FA via smartphones obsolete, according to security researchers.

In a blog post, security researchers said that many mobile operators aren’t asking the difficult security questions to ensure the caller is the legitimate mobile phone user.
The research showed that in most cases a threat actor only needs to answer one question right when questioned by their customer service representative reset the password on the account and port the number over.

"We also found that in general, callers only needed to successfully respond to one challenge in order to authenticate, even if they had failed numerous prior challenges. [...]" the report said.
"If you want to mitigate those risks, use a different second factor such as hardware tokens or authenticator software for example Microsoft or Google.
Click to expand...

"If possible, avoid using SMS messages for two-factor authentication - there are a number of authentication apps that provide a similar service. Even though SMS messages are vulnerable, it is better to use them for 2FA than to use nothing at all. Best of all is to use non-SMS based MFA tools, though," he said.
Click to expand...

PhishLabs: SIM Swap Attacks are making SMS Two-Factor Authentication Obsolete

On August 30, Twitter CEO Jack Dorsey became the most notable victim of one of the fastest-growing cyber threats: SIM Swapping. SIM Swap Attacks are increasing because they only require social engineering and access to a SIM card, which makes it another form of phishing.

Up until recently, few statistics on successful 2FA attacks have been available as they are rare. However, phishers today are changing that, and by using a combination of old-school techniques and social engineering, they can now convince mobile carriers that they are you, and successfully gain unlimited access to your sensitive information.
Click to expand...

Rasheed187 · Mar 28, 2020

I wonder when companies and especially online banks will finally start to migrate away from SMS based 2FA. Here is another example of how hackers stole 3.5 million euro:

SIM swappers arrested by Spain, Austria and Romania as police gears up against this growing threat

It is a common story: the signal bars disappears from their mobile phones, they call the phone number – it rings, but it’s not their phone ringing. They try to login to their bank account, but the password fails. They have become the newest victim of SIM swap fraud and their phone number is now in the control of a criminal.
Click to expand...

https://www.europol.europa.eu/newsr...e-stealing-millions-highjacking-phone-numbers

Log in or Sign up

SIM Swap Attacks are making SMS Two-Factor Authentication Obsolete

guest Guest

Rasheed187 Registered Member

Log in or Sign up

SIM Swap Attacks are making SMS Two-Factor Authentication Obsolete

guest Guest

Rasheed187 Registered Member

Useful Searches