Researchers at Princeton University have found that two-factor authentication (2FA)—a security measure recommended by many websites and apps—is easily hackable and could put millions of people at risk.
If a bad actor can compromise a user's phone, that will give them access to that user's online accounts.
"SIM swapping" attacks allow hackers to port phone numbers to new SIM cards. Mobile phone networks should have security measures in place to prevent this, but the Princeton researchers found that five major U.S. networks do not have sufficient protections in place.
Once hackers have control of a phone, they can reset passwords to online accounts by redirecting the 2FA confirmation texts.
The team also analyzed 140 websites for their vulnerability to SIM swapping and found that 17 major websites were "doubly insecure," meaning they never required a user to enter their password to gain access to accounts, asking only for a telephone number.
From New Scientist
Abstracts Copyright © 2020 SmithBucklin, Washington, DC, USA