
Communications of the ACM

ACM TechNews

SIM Swapping, Poor Web Security Put Millions at Risk


Princeton University researchers have found that two-factor authentication is easily hackable and could put millions of people at risk.


Researchers at Princeton University have found that two-factor authentication (2FA)—a security measure recommended by many websites and apps—is easily hackable and could put millions of people at risk.

If a bad actor can compromise a user's phone, that will give them access to that user's online accounts.

"SIM swapping" attacks allow hackers to port phone numbers to new SIM cards. Mobile phone networks should have security measures in place to prevent this, but the Princeton researchers found that five major U.S. networks do not have sufficient protections in place.

Once hackers have control of a phone number, they can reset passwords to online accounts by redirecting the 2FA confirmation texts sent to it.

The team also analyzed 140 websites for their vulnerability to SIM swapping and found that 17 major websites were "doubly insecure," meaning they never required a user to enter their password to gain access to accounts, asking only for a telephone number.

From New Scientist


Abstracts Copyright © 2020 SmithBucklin, Washington, DC, USA

