EDITION: US | UK | Canada
Thecapitalpost.com - Breaking, International, Business, Sports, Entertainment, Technology and Video NewsThecapitalpost.com - Breaking, International, Business, Sports, Entertainment, Technology and Video News
Sign In|Sign Up
 
 
Bridging The Gap
Your cell phone number is more important and less secure than your Twitter password
  Sunday 29 July, 2018
Your cell phone number is more important and less secure than your Twitter password

On July Fourth, hackers accessed computers at the social media aggregator Timehop. They stole 21 million user records. Timehop executives quickly realized that the most sensitive compromised records weren’t email addresses, names or even dates of birth. Their top concern was the 4.9 million stolen customer phone numbers.

The mobile phone number has become society’s primary authentication token. If you forget the password to your bank account, you recover it by entering the digits texted to your phone number. That’s how the bank “knows” you’re you.

Compared with email and online banking, there’s almost no security to protect a phone number from being stolen. Using information and tools available easily and cheaply online, “SIM swapping” attacks can be mounted against any phone number.

Once the bad guys have hijacked your phone number, they can reset your email password and lock you out while they systematically take over your online banking, retirement accounts, photos ... every aspect of your digital life. Regaining control can take days — and you might never get back easily transferred assets, like cryptocurrency.
These hacks are the new normal

Once the stuff of dystopian fiction, these attacks now occur quite a bit. Last year, Cody Brown lost thousands while he struggled to convince his phone carrier he was not the person who ported his phone number. A similar attack was launched against venture investor Fred Wilson. He caught it in time, but locking down his cyberlife while in Europe with his family was a huge scramble.

Recently, adult film stars have been under attack. Try as they might, they haven’t gained much attention outside the information security community.

The online world considers mobile numbers more fundamental to identification than Social Security numbers. Yet carriers like AT&T, T-Mobile and Verizon are sales organizations, not security organizations. They sell products, services and at best a sense of security that keeps customers happy if not actually secure.

After the Timehop breach, executives called AT&T, Sprint, T-Mobile and Verizon, offering the list of compromised numbers so they could be monitored for fraud. Two accepted the list. The other two didn’t even respond.

Some large carriers apparently aren’t concerned or don’t fully understand what victims realize very quickly: The bank can’t tell whether the “Lost Password” SMS message they sent to confirm your identity actually went to someone else. To the bank, your number is synonymous with you.

There’s risk from the carriers, too. A huge number of low-level employees are encouraged and empowered to make substantive changes to people’s accounts. How confident are you that every low-wage salesperson at every Verizon shop will resist the temptation to exploit that power?

The risk associated with mobile phone numbers remains obscure partly because it is a high-impact but relatively low-frequency event. It’s easy to send 100 million phishing messages that a lot of people will notice. It takes more time and effort to make SIM swapping pay off, so criminals target individual victims.

Because SIM-swapping attacks have mainly stayed in technical journals not often read by mainstream users, most people don’t pressure the carriers to change anything. Consumers must become more proactive. Set account passwords, insert Do-Not-Port orders on accounts, and let the carriers know that this is important. Nothing short of a public outcry will force needed changes.

Source: https://www.usatoday.com/story/opinion/2018/07/27/cell-phone-number-more-important-less-secure-twitter-password-column/820232002/

Bookmark and Share
 
Post Your Comments:
Name :
*
City / State:
*
Email address:
*
Type your comments:
*
Enter Security Code:   


 Latest News »
 
  Fact-checking Trump's Arizona ...
  Democrats want sanctuary for t...
  Nikki Haley, top Trump aide, w...
  Donald Trump, who accuses inte...
  President Donald Trump calls f...
  Donald Trump tells aides he li...
  Salman Khan and crew wows the ...
  President Trump takes swipe at...
  President Trump's July Fourth:...
  Following criticism, President...
  Navy’s planned shipbuilding sp...
  Confusion reigns in wake of Tr...
  The handshake, denuclearizatio...
  Trump to leave G-7 summit earl...
  Can Trump really do that? The ...
  Trump imposes steel, aluminum ...
  American freed from Venezuela ...
  Trump again changes tone on No...
  CIA Director Gina Haspel sworn...
  President Trump promises actio...
 

Current Conditions:
Partly Cloudy

Forecast:
Mon - Mostly Sunny. High: 57Low: 37
Tue - Sunny. High: 66Low: 47
Wed - Partly Cloudy. High: 56Low: 46
Thu - Partly Cloudy. High: 52Low: 41
Fri - Scattered Showers. High: 50Low: 39

Full Forecast at Yahoo! Weather



Washington, DC

  ©2010 The Capital Post. All rights reserved.