This balancing act is complicated
Posted: Sun Dec 22, 2024 8:45 am
This balancing act is complicated and inherently imperfect.” They do encourage the use of VoIP numbers, which cannot prove ownership of a device. You can read more about NIST’s recommendations for out-of-band authenticators in Special Publication 800-63b.

No security solution is perfect

SMS was not designed to be a security tool, and it eventually became one anyway. But attacks require varying levels of skill and money to implement. Security researcher Roger Piqueras Jover analyzed SIM swap attacks and found that while the attack is cheap, it takes a long time and leaves a trail.
“While [SIM swaps are] a widely recognized security risk in America and Europe, [they pose] a much more muted threat in African nations.” A bank in Mozambique can verify recent SIM swap activity with a cellular operator, a strategy that has “reduced SIM swap-based banking fraud to nearly 0 overnight.” That’s why Twilio is investing in solutions to help businesses defend against SIM swapping and account takeovers. The same research showed that while an SS7 attack is fast, it is costly and requires specific knowledge of SS7 protocols and access to an SS7 network. Recent reports of message forwarding services being abused to redirect messages to an attacker are concerning, but security researchers are actively exposing this abuse and have built tools to help detect this type of attack.
Most of these weaknesses could be exploited with targeted attacks, those where you have a specific victim in mind. “If your threat model is such that you are in the public eye (journalist, activist, etc.), then this is even more important for you - people in the public eye are more likely to be targeted by criminals,” tweeted expert Rachel Tobac. One important mitigation that businesses can – and should – offer their customers is the option to enable stronger authentication methods, especially for people who might be targets. Depending on the service, additional protections could be required, based on an account value threshold, such as financial balance or number of social media followers.
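The two mitigations described above (checking for a recent SIM swap before trusting SMS, and requiring stronger authentication above an account value threshold) can be combined into one policy check. This is an added example, not code from the original post or from Twilio; the thresholds, field names and the `sim_last_changed` carrier lookup result are hypothetical.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
from typing import List, Optional

# Assumed policy values, constructed for illustration; tune to your own risk data.
SIM_SWAP_WINDOW = timedelta(hours=72)   # how long a SIM change counts as "recent"
HIGH_VALUE_BALANCE = 10_000             # account value threshold (currency units)
HIGH_VALUE_FOLLOWERS = 100_000          # account value threshold (audience size)


@dataclass
class Account:
    balance: int = 0
    followers: int = 0
    strong_factors: List[str] = field(default_factory=list)  # e.g. ["totp"]


def is_high_value(acct: Account) -> bool:
    return (acct.balance >= HIGH_VALUE_BALANCE
            or acct.followers >= HIGH_VALUE_FOLLOWERS)


def choose_second_factor(acct: Account,
                         sim_last_changed: Optional[datetime],
                         now: datetime) -> str:
    """Decide how to verify a login.

    sim_last_changed is the (hypothetical) answer from a carrier lookup;
    None means the carrier returned nothing for this number.
    """
    unknown = sim_last_changed is None
    # A timestamp in the future is also treated as recent, so bad data fails safe.
    recent_swap = (not unknown) and (now - sim_last_changed) <= SIM_SWAP_WINDOW

    if recent_swap:
        # The number may no longer belong to the customer: do not send an SMS code.
        return "strong_factor" if acct.strong_factors else "manual_review"
    if is_high_value(acct):
        if acct.strong_factors:
            return "strong_factor"
        # No carrier answer on a high-value account: fail closed.
        return "manual_review" if unknown else "sms_otp_then_enroll"
    return "sms_otp"
```
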