
Two-factor security is so broken, now hackers can drain bank accounts

We’ve known for years that a key protocol that allows global cellular networks to communicate with each other had vulnerabilities — and nobody really took it that seriously.

Hackers and politicians alike have been warning for years that these flaws in the calling and text message routing system, known as Signaling System 7 (SS7), can be used to intercept and redirect calls and text messages, allowing hackers to eavesdrop on almost any phone in the world.

Now, financially driven hackers are using the weakness to intercept text messages that deliver two-factor codes to bank customers to break in and empty their bank accounts, according to a report in a German newspaper.

It’s likely the first known account of the SS7 vulnerability being exploited in the wild by a malicious actor, rather than for demonstrative purposes.

According to the newspaper, the attackers would first try to get into a person’s bank account. Armed with the victim’s username and password — possibly recycled from another breach — they would log in to the victim’s online banking account. Trouble is, they may not be able to get past the two-factor check, which sends a code by text message or phone call to a trusted device — like a phone — to ensure nobody else can log in.

By intercepting the call or text message using equipment that the German newspaper said can be sold for around €1,000 ($1,100 in today’s conversion), the attackers can use the code to get full access to the bank account — and send money to any other account they want.

Some networks fare better than others, but nobody has fixed the vulnerabilities, likely because the risk to consumers was thought to be low compared with the high cost and difficulty of a fix.

That might have to change, now that potentially any text message-based two-factor authentication might be at risk — social networking accounts, banking logins, and email accounts, to name a few.

“Everyone’s accounts protected by text-based two-factor authentication, such as bank accounts, are potentially at risk until the FCC and telecom industry fix the devastating SS7 security flaw,” said Rep. Ted Lieu (D-CA) in a statement. Lieu is one of the few members of Congress with a computer science background, and he allowed hackers to eavesdrop on his phone during a 2015 episode of CBS “60 Minutes.”

“Both the Federal Communications Commission and telecom industry have been aware that hackers can acquire our text messages and phone conversations just knowing our cell phone number,” he added, before urging Congress to hold “immediate hearings” on the matter.

Just last year, the National Institute of Standards and Technology (NIST) said that it would deprecate its advice for text message-based authentication, albeit without advising against it entirely, because it wasn’t as secure as other forms of two-factor authentication, such as apps like Google Authenticator and Authy, which use end-to-end encryption to send two-factor codes.

The problem is many apps don’t provide app support for two-factor codes. You can check on this website though, which shows which sites, services, and companies support “software tokens.”

And if you haven’t ventured into two-factor territory yet — you really should. We even have a handy step-by-step guide to help you through.

(via PCMag)
