Today we are going to discuss mobile identity theft. It was half past eleven on Monday night when Matt Miller was suddenly awakened by his daughter: "Dad, I think your Twitter has been hacked." That scare was the starting gun, and only the tip of the iceberg, of an anguished situation that led to his bank account being blocked, an unrecognized $25,000 charge, and his entire virtual life in the hands of others. The blogger detailed his ordeal point by point in an article published on ZDNet and titled "SIM swap horror story: I have lost decades of documents and Google does not lift a finger". Miller had been the victim of a phenomenon that is increasingly common and that has already crossed our borders: SIM swapping.
What exactly does it consist of? The real danger of this technique is that it exploits a weak point in a powerful identity protection system: two-step verification. It works like this: the hackers obtain the victim's mobile number and identify the operator that provides the service. Having done this, they contact the operator posing as the owner of the line (by this point they obviously know more of the victim's data, such as their ID, possibly their bank account, etc.), explain that they have lost their mobile and ask for a duplicate of the SIM. Once it is in their hands, the hackers access the victim's main services by clicking on "I forgot the password" and receiving the verification codes on the 'stolen' line. From there it is a snowball that does not stop growing, and the victim's reaction time is decisive.
Also in Spain
SIM swapping reveals the fragility of what is, today, the most effective security system: two-step verification, which consists of using an additional device (usually the mobile) on which a temporary code (or token) is received that proves the user's identity. In Spain this phenomenon is less common than in the United States, but cases are beginning to occur, although everything seems to indicate that they are more isolated. Vodafone explained that the chances of this happening on its network are, barring some error in the chain, nonexistent: when a duplicate SIM is requested, "the client is always sent to in-person channels (store), the owner must always go with the original DNI, and the store will keep a photocopy of it." "In the event that the customer does not want to or cannot go to the store, they are asked for a DNI or a 4-digit password (chosen beforehand) and it is verified that there has been no recent data change," they added.
If an expert technology blogger such as this ZDNet columnist has suffered this identity theft first-hand, how can ordinary mortals protect themselves? This increasingly frequent attack confirms that receiving an SMS is a less and less reliable system, and that it is necessary to activate, in the services that support it, a two-factor verification that avoids text messages and instead uses the user's other devices to generate temporary codes. In the case of Apple, if you have an iPhone, you can use an iPad as the supporting device to verify the iPhone, and vice versa.
But security can be increased further by using physical devices to verify the user's identity, as is the case with the YubiKey and similar products: to access a service on an unrecognized computer, it will be necessary to insert this USB key and identify the user biometrically. It is, today, the highest level of protection that can be achieved.