comscore Hackers can steal your emails, bank details, social media passwords with just your mobile number: Report
News

Hackers can steal your emails, bank details, social media passwords with just your mobile number: Report

The much hyped two-factor authentication is not as secure afterall!

  • Published: September 20, 2017 5:34 PM IST
hacked

The vulnerability of Signalling System No. 7 (SS7), which enables SMS-based two-factor authentication, has long been debated. And a recent research has pointed out another gaping flaw in the system, making the need for action even more urgent. In a video demonstration, white hackers aka researchers from Positive Technologies showed how they were able to take control of a bitcoin wallet, and start pilfering funds via the SS7 flaws. They were even able to reset Gmail passwords using two-factor authentication. Also Read - Starlink told to get license before offering satellite-based internet services in India by govt

Also Read - WhatsApp violates Indian users' rights by denying dispute resolution claims Centre

Essentially, a big flaw that was found the the SMS-based two-factor authentication is that the one-time password can be accessed on a variety of devices and services, which might have their own flaws. Which means, the attack surface increases. Whereas, a true two-factor authentication, which is like a push notification popup, sends the verification prompt to one device. Also Read - Happy Dusshera 2021 messages, images, stickers, quotes: How to create, send Happy Vijayadashami greetings via WhatsApp

If you look at the video above, just by intercepting the text messages in transit, the hackers are able to take control of a Gmail account and any other service associated with it. Which means, not just your bitcoin or emails, this flaw puts your banking and social media accounts at risk too. This hack would work for any resource real currency or virtual currency that uses SMS for password recovery, the researchers told Forbes. ALSO READ: Not just personal computers, ships and aircrafts are hackable too

The only challenge in this is for the hacker to gain access to the SS7 network. Unfortunately for us, cybercriminals can buy the access on the dark web. In the past, at least at one occasion, SS7 was used to empty bank accounts. According to Forbes, many surveillance companies are also selling services to spy using SS7 flaw.

Surveillance companies, such as Israeli firm Ability Inc., are also actively selling services to spy on targets over the SS7 network. Ability’s Unlimited Inteception app has sold for as much as $5 million, though the cost can go up to $20 million, the firm’s CEO told Forbes last year. ALSO READ: Hacker reveals how a bug in Air India, ClearTrip, SpiceJet apps could have allowed one to roam the world for free

For the latest tech news across the world, latest PC and Mobile games, tips & tricks, top-notch gadget reviews of most exciting releases follow BGR India’s Facebook, Twitter, subscribe our YouTube Channel. Also follow us on  Facebook Messenger for latest updates.
  • Published Date: September 20, 2017 5:34 PM IST



new arrivals in india

Best Sellers