[MART] - Daily Diary #598 - SMS as a Two-Factor Authentication

ctas-mat at appgate.com ctas-mat at appgate.com
Tue Sep 20 21:54:10 UTC 2022 

Hello,

I hope everyone is doing well!

Below is the entry for today.

09/20/2022 - Diary entry #598:

In our Daily Diary #420, we begin to cover malware techniques and their variations. Today, we will cover the risks of using SMS as a default Two-Factor authentication method.

Nowadays it is a must to set up additional security layers to authenticate users, preventing stolen credentials and smartphones from being used by criminals. There are some alternatives such as setting up an authenticator app, and a cell phone number to receive either a phone call or an SMS message. Then, the code received can be used to authenticate the user on online services such as banking applications, social media, and online shopping.

Along with these extra layers, users should be cautious while choosing their phone number as an authentication method. Even if the cell phone it’s password protected, some criminals are able to trick phone carriers into transferring a phone number to a new device (SIM swap attack), which no longer needs the victim’s cellphone to get the 2FA codes. By default, most cell phones display SMS notifications containing their content even if the phone is locked, therefore if the attacker has access to the phone it can read the messages through the locked screen or steal the SIM card.

We don’t recommend for users or organizations to use SMS as a second factor for authentication – instead, it’s recommended to use one-time token generators, through apps like Google Authenticator or Authy, and protect the devices with the app installed with strong authentication. If SMS must be used, it’s recommended to rely on e-SIM instead of regular SIM cards, so attackers can’t just move the SIM card to another device, and disable notifications from displaying content when the device screen is locked.

Kind Regards,

[https://d3aafpijpsak2t.cloudfront.net/images/Signature/logo@2x.png]<https://www.appgate.com/>

[https://d3aafpijpsak2t.cloudfront.net/images/Signature/likedin@2x.png]<https://www.linkedin.com/company/appgate-security/>     [https://d3aafpijpsak2t.cloudfront.net/images/Signature/twitter@2x.png] <https://twitter.com/AppgateSecurity>   [https://d3aafpijpsak2t.cloudfront.net/images/Signature/youtube@2x.png] <https://www.youtube.com/channel/UC-8GvxcZbm-R3EJNl8jYjiQ>



MART

Malware Analysis and Research Team
Appgate

E: ctas-mat at appgate.com<mailto:ctas-mat at appgate.com>


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.immunityinc.com/pipermail/mart/attachments/20220920/e731c17e/attachment.htm>

More information about the MART mailing list