/* ---- Google Analytics Code Below */

Saturday, January 25, 2020

Sim Swapping Insecurity

Had read about this.   The details here are that those responsible for the most minimal security are not taking it seriously. Poor security is not the right term,  nonexistent was too often the case.

SIM Swapping, Poor Web Security Put Millions at Risk
New Scientist
Chris Stokel-Walker
January 22, 2020

Researchers at Princeton University have found that two-factor authentication (2FA)—a security measure recommended by many websites and apps—is easily hackable and could put millions of people at risk. If a bad actor can compromise a user's phone, that will give them access to that user's online accounts. "SIM swapping" attacks allow hackers to port phone numbers to new SIM cards. Mobile phone networks should have security measures in place to prevent this, but the Princeton researchers found that five major U.S. networks do not have sufficient protections in place. Once hackers have control of a phone, they can reset passwords to online accounts by redirecting the 2FA confirmation texts. The team also analyzed 140 websites for their vulnerability to SIM swapping, and found that 17 major websites were "doubly insecure," meaning they did not ever require a user to insert their password to gain access to accounts, asking only for a telephone number..... '

No comments: