The global pandemic has seen a huge rise in cyber-related crimes. According to MonsterCloud, cybercriminals have taken this opportunity to step up their attacks, both in frequency and scope.
To avoid being hacked online, people choose two-factor authentication (2FA). 2FA adds an extra layer of security that passwords alone can’t provide. Requiring an extra step for a user to prove their identity reduces the chance of a bad actor gaining access to data.
One of the most common methods of 2FA is SMS text messages. The problem is that SMS is not a secure medium. Hackers have several tools in their arsenal that can intercept, phish, and spoof SMS. Despite this security flaw and better options for authentication, SMS-based 2FA is still used by several institutions.
SIM swapping and SS7 spoofing are real and present dangers. They turn cellphones into weak-as-a-kitten second factors and make them useless for password resets.
The most widely reported method for intercepting phone-based authentication passcodes, according to the researchers, is a SIM swap attack. They explain that by making an unauthorized change to the victim’s mobile carrier account, the attacker diverts service, including calls and messages, to a new SIM card and device that they control.
What Is SIM Swapping?
SIM swapping is a malicious technique where threat actors target mobile carriers in an attempt to take over users’ accounts. The end goal of the attack is to let the threat actor thwart SMS-based two-factor authentication and reach what it is designed to protect.
A study conducted by the Department of Computer Science and Centre for Information Technology Policy at Princeton University confirms the risks associated with using SMS as a 2FA method. The study, An Empirical Study of Wireless Carrier Authentication for SIM Swaps, notes that, although this means of authentication is ubiquitous as a second factor or account recovery method, it does expose customers to “severe risks”.
Using two-factor authentication, or 2FA, is the right thing to do. But you put yourself at risk by getting codes over text.
What Should I Use Instead?
An authentication app such as Google Authenticator, Microsoft Authenticator, or Authy. It has the advantage of not needing to rely on your carrier; codes stay with the app even if a hacker manages to move your number to a new phone. And codes expire quickly, usually after 30 seconds or so. In addition to being more secure than SMS, an authentication app is faster; you only need to tap a button to verify your identity instead of manually entering a six-digit code.
Bijay Pokharel