Category Archives: two-factor authentication problem

CyberSecurity: All about mobile sim swap attack!

SIM Swap attack (aka SIM intercept attack ) is an identity theft where someone could impersonate your digital life & received all text messages etc in their own SIM. Just to clarify, Sim swap attack isn’t about swapping your physical sim.

How attacker achieve this?

In cybersecurity chain, The weakest link is human factor & attacker knows how easy it is to convince with someone. By nature, we trust other people or system as well. How hackers convince customer representative is called social engineering. Social engineering is all about pretending to be someone & convince to the person who can trust & provide valuable information. With the same technique, SIM swap could happen. In very simple terms, Attacker would pretend to be you & would convince to your telecom carriers to switching your SIM number to new SIM which owns by the attacker.

How dangerous it could be?

It is very bad for the victims when all your OTP, messages etc are received by someone. Lots of things could be done. most dangerous is when an attacker can gain access to your bank accounts, credit cards, all other sensitive information which depends on OTP & messages. Recent examples here. SIM swap! Man charged after million dollar cryptocurrency theft

What is the solution?

Well, In such cases, nothing much can be done except taking extra precaution. There are a few solutions like App-based two-factor authentication just like Text/Message based authentication. Your bank has two-factor authentication & OTP goes to your message. You could enable app based two-factor authentication like Google authenticator, Authy etc. App-based authentication generates an OTP & that OTP would be within the apps so someone needs to steal your device to get that OTP. 

Problem with app-based two-factor authentication is that it may not possible with every bank & still rely on text-based two-factor authentication.

Final Thought

Anything which is linked to your banking system needs security. If any loose point is vulnerable then the whole thing could be vulnerable. In cybersecurity, it is said that every vulnerability is exploitable.

“It takes 20 years to build a reputation and few minutes of cyber-incident to ruin it.” 

― Stephane Nappo