Uh Oh, Hackers Can Barrel Through Two-Factor Authentication

You’ve probably been pushed to use two-factor authentication on your smartphone in order to add a more than basic security. However, security experts have now discovered that hackers can just as easily steal your device’s information by spoofing your SIM card. In fact, two-factor authentication is more vulnerable than using cybersecurity apps for mobile devices. One such highly rated app is dfndr security, which has an anti-hacking feature that protects you from phishing attempts that could be used to take over your device.

Read More: Avoid Being Hacked When Shopping Online

Here’s what you should know about the latest threat that spoofs SIM cards and how you can protect yourself.

How Hackers Intercept Unencrypted Messages
The way cyber criminals go about stealing your information is by intercepting SMS messages sent through your device as it’s sent over the network. They can also steal databases full of data about mobile device accounts from phone carriers. One way they do this is by sending phishing emails, followed by exploiting a vulnerability in the signaling network that connects calls and messages.

One such scam was used through a T-Mobile bug on the company website that gave hackers access to the personal details of customer accounts. Hackers then used this information to impersonate T-Mobile customers in order to get a copy of their SIM cards. The scam involved pretending to lose a phone and then calling customer service and requesting an identical SIM card. They are then able to drain your bank account if it is linked to your phone or access other personal details.

Two-Factor Authentication? May Not Be So Secure
Experts now believe SMS is not as secure as using physical tokens or authentication apps on smart devices. One alternative to two-factor authentication that some companies are offering is a hardware token, as it does not send information over a carrier’s network.

The benefit of using this technology or a security app with authentication features is that they do not depend on the SIM card. Plus, these apps are not randomly generated since they are based on a seed code connected to your identity, making it harder for hackers to access.

Cryptocurrency Owners Being Targeted Too
Hackers often target wealthy groups or individuals flush with bitcoin and other cryptocurrencies in order to drain their accounts. Security groups have discovered that it’s very easy for hackers to intercept text messages and steal bitcoin from unsuspecting digital wallet holders. For example, Coinbase accounts linked with specific Gmail accounts that were secured by two-factor authentication fell to hackers hands.  

The white hackers then experimented by intercepting text messages and exploiting flaws in the cell network, giving them the ability to reset passwords to Gmail accounts and take over their Coinbase information.

In addition to using security apps and hardware tokens, you can avoid falling prey to these attacks by setting up a special PIN number with your mobile phone carrier that’s required every time you call customer service. With that extra security measure in place, this can deter spoofing of your SIM card.

Finally, be careful when using two-factor authentication. It’s always wiser to use it, rather than not, but perhaps disable it for any web based email that’s connected to your cryptocurrency account.