Wednesday, 16 January 2019

Do SIM Swap Attacks make 2FA useless?

Interesting Wired article on SIM swaps. Allegedly, an attacker convinced AT&T to forward a cryptocurrency victim's calls to the attacker's SIM. They're now seeking over $200 million in damaged.

https://www.wired.com/story/sim-swap-attack-defend-phone/

However, my interest in SIM swaps was due to some of the recent discussions about why 2FA using SMS messages is pointless, as a SIM swap attack allows an attacker to circumvent the control. Although this is obviously possible, it still takes considerable effort on the part of the attacker and it's therefore only likely to be used in a targeted attack. For protecting accounts from opportunistic attacks, I think this still remains a very viable option. An authentication app, like Google or Microsoft Authenticator, would obviously be much better.

No comments:

Post a Comment