Two-factor authentication – a mechanism meant to verify ownership of an account via a text message to the account owner’s phone – has been compromised

For years, experts have advised account holders to implement two-factor authentication for critical applications such as banking and social media, to prevent the hijacking of accounts even when passwords have been compromised. Recently, a long-standing flaw in the way text messages are transmitted has been used to circumvent two-factor authentication.

In order for the compromise to work, the attacker must know a person’s username and password (details which may have been obtained by a security breach or other method) as well as the person’s mobile phone number. Using a special device, which can be purchased over the internet, the attacker can intercept the text message used to authenticate the login – thereby gaining the authority to access accounts.

Apparently, this flaw in the telecommunication protocols is so expensive to fix that it has basically been ignored. However, for all practical purposes, unless you are a “high-worth” target (in terms of financial or intelligence value), you are probably not at risk. Nevertheless, the technology is out there.

Two-factor authentication that relies on phone apps (as opposed to text messages) is not compromised by this flaw, as communication through an app is typically encrypted. If you are offered the opportunity to use two-factor authentication through an app, that is definitely the way to go.

Jack Eisenberg is the owner of Safe and Secure Computing and regularly monitors cyber security developments such as this one.