The other day, there was a shocking article about how Vice has an easy way to steal other people's SMS (Short Message Service).
The attacker does not need access to the target's phone or obtain a SIM card.
You just need to pay a pittance to VoIP service wholesalers to trick them into thinking they are resellers, forge documents, and forward the target's SMS to another number. is.
An SMS service with lax security
Lucky225 explains on Medium:
I'm not going to go into detail here on how to forward an SMS to another phone number, but I hope it's very easy and the victim doesn't even get a call or notification asking to approve the forwarding. I was just amazed at what had happened.
Of course, I'm sure most business SMS services have more security.
But the attacker just needs to find a service that allows forwarding without checking with the real owner of the phone number.
SMS Verification or Two-Factor Authentication Isn't Enough
This problem also extends to verifying your identity via SMS when logging into your account from a new device.
We have said this before and we will continue to say this until all sites and services listen.
To protect your account from unauthorized access, it's not enough to use SMS verification or two-factor authentication.
You should use a dedicated two-factor authentication app whenever possible. Two-factor authentication apps require physical access to a piece of hardware (usually a smartphone) to complete the account login process.
SMS is not as secure as you think. Even if SMS hijacking victims are rare, this news makes it clear that hijacking is not impossible.
Two-factor authentication is more secure
Two-factor authentication is much more secure.
First, the attacker has to get hold of your phone.
In addition, if you bypass the set security system (fingerprint or face recognition) to unlock it and break through the security (PIN, etc.) set in the two-factor authentication app, your account will be cannot be invaded.
By then, the attackers would have given up, or you'd have been better off resetting two-factor authentication, setting up a non-trivial account on another device, and disabling the old verification code.
There are monitoring services that will alert you if your SMS is forwarded to another phone number, but I don't think you need to bother with it (the aforementioned Medium author is one of those companies Chief Information Officer at Okey).
Of course, if you are interested, you can use it. There are so many services that use SNS to obtain login codes.
Precautions for security measures
If you can't use two-factor authentication at the medical service or game site you use, you can't help it if you can only use two-factor authentication. Do your best by choosing strong, unique passwords and protecting them with a good password manager app.
How secure are password managers?
Also, don't give easy-to-guess answers to your security questions. The question is like a "password" and should be treated as carefully as a password.
If you only have two-factor authentication, use it. It's not 100% secure, but enable two-factor authentication to make it as difficult as possible for attackers to break into your account.
A little more security than relying solely on your login and password combination would be nice.
There are even more extreme ways.
For example, you can use a dedicated phone number to get your login code that has nothing to do with the phone number you actually use (with Google Voice, you can set up to receive incoming messages by email, and also You can protect your Google account with two-factor authentication).
Even with this, you may not be able to completely protect yourself from random attacks.
But at least you can increase your defense against targeted attacks. Good luck.
Tile Mate (2020) Battery replacement version Find what you're looking for/Smartphone loss prevention No.1 market share in Japan and the US Smart speaker compatible [Compatible with Alexa certified product] [Japan authorized distributor] RE-19001-AP
2,300 yen
I want to read together
An application that allows you to store important personal information on your smartphone [today's life hack tool]
If you don't need Windows 10's 'secret questions', it might be safer to disable them
Source: Vice, Medium, Okey
David Murphy - Lifehacker US [original]