
Communications of the ACM

ACM TechNews

SIM Swapping, Poor Web Security Put Millions at Risk


A promotional image for the use of two-factor authentication.

Princeton University researchers have found that two-factor authentication is easily hackable and could put millions of people at risk.

Credit: montgomerycollege.edu

Researchers at Princeton University have found that two-factor authentication (2FA)—a security measure recommended by many websites and apps—is easily hackable and could put millions of people at risk.

If a bad actor can compromise a user's phone, that will give them access to that user's online accounts.

"SIM swapping" attacks allow hackers to port phone numbers to new SIM cards. Mobile phone networks should have security measures in place to prevent this, but the Princeton researchers found that five major U.S. networks do not have sufficient protections in place.

Once hackers have control of a phone, they can reset passwords to online accounts by redirecting the 2FA confirmation texts.

The team also analyzed 140 websites for their vulnerability to SIM swapping and found that 17 major websites were "doubly insecure," meaning they never required a user to enter a password to gain access to accounts, asking only for a telephone number.

From New Scientist

Abstracts Copyright © 2020 SmithBucklin, Washington, DC, USA


 
