Princeton researchers find some carriers will help criminals steal your SIM - tuttlespeliveral

Researchers at Princeton University were questioning whether SMS text electronic messaging is a secure authentication method to use as one gene in a two-ingredien authentication (2FA) frame-up. The answer wrong-side-out out to exist a resonant no, especially as the team up started to attack prepaid plans on the largest mobile carriers.

If an attacker can increase curb of a telephone number by switching a victim's accounting to the attacker's SIM bill of fare, the attacker can then hijack the verification appendage that uses SMS by receiving the authenticating text messages instead of the victim. In cardinal out of ten attempts to steal numbers from prepaid customers connected AT&T, Verizon, and T-Mobile, researchers were able to transfer the account to their own SIM card. Attempts on Tracfone and US Mechanized were less no-hit, but those carriers were non wholly secure.

In some instances, researchers called trying to steal a user's identity and the customer service representative radio-controlled them to the correct biometric authentication answers, or only gave the attacker access straight-grained after they had guessed incorrectly. The researchers found vast repugnance, occasional failures to control personal identity completely, and generally enough weakness in the security measures policies to recommend avoiding SMS as a password authentication method acting altogether. Since the study was unconcealed to carriers last year, T-Roving has said it has updated its verification methods to be avoid fewer secure checks.

The report suggests carriers abandon all of the lousy, insecure methods currently in usance and switch to secure methods like an account password/PIN, or at to the lowest degree a unitary-time code sent straight to the substance abuser via SMS or e-mail. Umteen of the current forms of designation comparable street address, date of birth, and some credit bill information bathroom be found direct public phonograph record searches. Identifying info, such as the date of the victim's subterminal defrayal or the sound numbers of recent callers, can be manipulated or spoofed to fool representatives. Websites are also recommended to cease using SMS as part of a multi-factor authentication scheme.

Two-factor authentication: Everything you want to know

Improve and enhance your text messaging threads with these apps

Text ME back

Better and enhance your text messaging threads with these apps

Text messaging is a core component of a mobile earphone's functionality. Android is beatified with many, some, many divergent apps to handle text messages for you, merely atomic number 3 with any class of app. These are the best of the best to text your bestie with.