Every single internet account might become a target.
LONDON, ENGLAND, July 05, 2017 /24-7PressRelease/ -- "Every single internet account might become a potential victim of industrial espionage and, as such, a potential target," according to Stefan Certic, a security researcher who gained recognition in 2013 by demonstrating a vulnerability within the 3G mobile standard that allowed unauthorized call forwarding without user consent.
According to Certic, those attacks might be targeted at certain individuals via a very sophisticated scheme. It is a matter of a topology flaw within 2 Factor Authentication and the stock-like trading system used by the telecom industry.
Despite calls from vendors around the globe to secure social media, email accounts and even bank logins using phone/SMS verification, the method is rather unsafe, according to the researcher. The telecom exchange market is a stock-like platform: the industry players providing the best price immediately get the traffic and, we assume, your password reset messages too.
There is no mechanism in place that prevents a small company competing on the roaming exchange market from dropping the price of messaging specifically for your mobile operator, initiating a password reset, and then intercepting that message on its own platform, gaining unauthorized access that could be sold to someone. In fact, pricing below the industry standard leads to fictitious losses and therefore significant tax benefits, while tax-free profit is made from the black-market trades.
Certic documented the whole scenario, including the specific case, in his publication "2 Factor Authentication (2FA) vulnerabilities", downloadable from his website (https://www.certic.info/publications.php). The case study covers a hack that took place in 2016.
In conclusion, it is far better to secure your sensitive data using the various OTP applications already available. As long as you can retrieve your password using an SMS or voice code, you might not be secure at all.
Stefan Certic gained recognition in the field of cyber security shortly after publishing the academic paper "The Future of Mobile Security", which describes a vulnerability within 3G standards allowing call forwarding without user consent. Following a demonstration of the exploit at Mobile World Congress in Barcelona, it has been discussed within the technology community, leading to multiple academic research efforts in the field of mobile security. Prior to his research projects, he built a successful career as Chief Technology Officer and Chief Security Consultant for multiple British mobile operators. Official Web: https://www.certic.info