Categories: Security

Uh Oh, Hackers Can Barrel Through Two-Factor Authentication

You’ve probably been pushed to use two-factor authentication on your smartphone in order to add a more than basic security. However, security experts have now discovered that hackers can just as easily steal your device’s information by spoofing your SIM card. In fact, two-factor authentication is more vulnerable than using cybersecurity apps for mobile devices. One such highly rated app is dfndr security, which has an anti-hacking feature that protects you from phishing attempts that could be used to take over your device.

Read More: Avoid Being Hacked When Shopping Online

Here’s what you should know about the latest threat that spoofs SIM cards and how you can protect yourself.

How Hackers Intercept Unencrypted Messages
The way cyber criminals go about stealing your information is by intercepting SMS messages sent through your device as it’s sent over the network. They can also steal databases full of data about mobile device accounts from phone carriers. One way they do this is by sending phishing emails, followed by exploiting a vulnerability in the signaling network that connects calls and messages.

One such scam was used through a T-Mobile bug on the company website that gave hackers access to the personal details of customer accounts. Hackers then used this information to impersonate T-Mobile customers in order to get a copy of their SIM cards. The scam involved pretending to lose a phone and then calling customer service and requesting an identical SIM card. They are then able to drain your bank account if it is linked to your phone or access other personal details.

Two-Factor Authentication? May Not Be So Secure
Experts now believe SMS is not as secure as using physical tokens or authentication apps on smart devices. One alternative to two-factor authentication that some companies are offering is a hardware token, as it does not send information over a carrier’s network.

The benefit of using this technology or a security app with authentication features is that they do not depend on the SIM card. Plus, these apps are not randomly generated since they are based on a seed code connected to your identity, making it harder for hackers to access.

Cryptocurrency Owners Being Targeted Too
Hackers often target wealthy groups or individuals flush with bitcoin and other cryptocurrencies in order to drain their accounts. Security groups have discovered that it’s very easy for hackers to intercept text messages and steal bitcoin from unsuspecting digital wallet holders. For example, Coinbase accounts linked with specific Gmail accounts that were secured by two-factor authentication fell to hackers hands.  

The white hackers then experimented by intercepting text messages and exploiting flaws in the cell network, giving them the ability to reset passwords to Gmail accounts and take over their Coinbase information.

In addition to using security apps and hardware tokens, you can avoid falling prey to these attacks by setting up a special PIN number with your mobile phone carrier that’s required every time you call customer service. With that extra security measure in place, this can deter spoofing of your SIM card.

Finally, be careful when using two-factor authentication. It’s always wiser to use it, rather than not, but perhaps disable it for any web based email that’s connected to your cryptocurrency account.

PSafe Newsroom

The dfndr blog is an informative channel that presents exclusive content on security and privacy in the mobile and business world, with tips to keep users protected. Populated by a select group of expert reporters, the channel has a partnership with dfndr lab's security team. Together they bring you, first-notice news about attacks, scams, internet vulnerabilities, malware and everything affecting cybersecurity.

Recent Posts

Vulnerabilities in Cyber Security: what they are and how to fix them?

Learn all about one of the hackers' favorite breach method and keep your company safe…

1 year ago

3 ways to recover deleted photos on Android

Have you ever wondered how to recover deleted photos on Android? After all, the lack…

1 year ago

What is worm?

Digital worms are among the most serious threats in the wild kingdom of the Internet.

2 years ago

Spoofing: What’s it all about?

Spoofing is a fairly sophisticated virtual scam that can fool even the most cautious and…

2 years ago

Careful With That QR Code! Five Steps For QR Code Safety

Five Steps to Reduce QR Code Risk! Step one? Read this article…

2 years ago

Pharming: Phishing’s Nasty Big Brother

Pharming is creating a new, dangerous brand of impostor syndrome. Check how to avoid pharming…

2 years ago