Friday, September 8, 2017

2FA 4EVR ... right?

Hackers looking to thwart one of today’s best online security tools – two-factor authentication or “2FA” – are now targeting perhaps the most ubiquitous component of the modern tech ecosystem: the mobile phone.

Or, more specifically, reports Nathaniel Popper of the New York Times, individuals’ mobile phone accounts.

As Mr. Popper writes:

Hackers have discovered that one of the most central elements of online security – the mobile phone number – is also one of the easiest to steal.

In a growing number of online attacks, hackers have been calling up Verizon, T-Mobile U.S., Sprint and AT&T and asking them to transfer control of a victim’s phone number to a device under the control of the hackers.

Once they get control of the phone number, they can reset the passwords on every account that uses the phone number as a security backup – as services like Google, Twitter and Facebook suggest.

And unfortunately for those who have been diligent about turning on 2FA for their major internet accounts, this attack is becoming more common.

A wide array of people have complained about being successfully targeted by this sort of attack, including a Black Lives Matter activist and the chief technologist of the Federal Trade Commission.

The commission’s own data shows that the number of so-called phone hijackings has been rising. In January 2013, there were 1,038 such incidents reported; by January 2016, that number had increased to 2,658.

Some slight reassurance, however: Unless your portfolio includes cryptocurrencies (think bitcoin), you’re probably not a primary target.

According to Mr. Popper:

[A] particularly concentrated wave of attacks has hit those with the most obviously valuable online accounts: virtual currency fanatics ...

[...]

The attackers appear to be focusing on anyone who talks on social media about owning virtual currencies or anyone who is known to invest in virtual currency companies, such as venture capitalists. And virtual currency transactions are designed to be irreversible.

Full story here.

Two-factor authentication still has value

Despite these new attacks, 2FA is still an important online security tool – one that’s not worth writing off just yet.

Not sure how to use 2FA to secure your accounts? The Times’s J. D. Biersdorfer has written a great explainer. Check it out here.

Just a quick note before we go: The Glen Civic Association does not recommend or endorse any online security programs, tools, or methods. It is strongly recommended that individuals independently and thoroughly research companies and their products and services before purchasing those products or subscribing to those services.