Is SMS Two-Factor Authentication Secure?

With 2FA and MFA being adopted across the board, cybercriminals have devised a simple technique to circumvent this security measure. By exploiting the easy security questions that mobile providers ask when a customer wants to switch operators but keep their phone number, threat actors can impersonate unsuspecting victims and effectively steal their mobile number.





One study conducted by researchers at Princeton found that North American prepaid telecom companies, in most cases, would allow customers – or anyone pretending to be a customer – to port their number over with just one correct security answer.


This makes it fairly easy for someone to impersonate a target and obtain access to their phone number and, consequently, to the 2FA key/PIN.


Commenting on the news are the following security professionals:


Dewald Nolte, Chief Commercial Officer, Entersekt:


There are two approaches you can use to combat SIM swap attacks, namely detection and prevention. Due to the way that the industry uses SMS-based verification codes, detection is not always a foolproof way of eliminating this type of attack. It can certainly make life more difficult for the perpetrator, but there are advanced techniques available to get around most of the detection techniques. This is why a prevention approach is ideal. An omni-channel authentication solution cryptographically binds to a user’s device, removing the reliance on the SIM card for authentication and thereby completely eliminating SIM swap attacks.


David Richardson, Sr. Director, Product Management at mobile security specialists Lookout:


First, users should make sure their mobile accounts have good securi ..
