SIM Swapping: Trust Google?
March 2, 2019
Anyone holding crypto currency should be aware by now of SIM swapping, a hacking technique that involves tricking telecom companies into redirecting the victim’s phone number to the attacker’s device. Now, The Next Web tells us, “Google’s Head of Account Security Has Fix for Crypto currency SIM-Swapping.” Note that the fix involves a physical device, not just a download. Writer David Canellis explains:
“An overt reliance on SMS-based two-factor authentication (2FA) systems has only compounded the problem. While these are regarded as an upgrade to traditional verification methods like usernames and passwords, SMS-based 2FA presents cybercriminals with a clear attack vector. If hackers can take control of a phone number, it would be them who receive the special codes, allowing instant access to sensitive information.
We also noted:
“Google is one of many tech giants to present a solution. It released its Titan Keys last August, a $50 set of hardware devices that cryptographically ties particular devices to accounts, effectively keeping anyone without a registered device at bay. Users connect the Key to a device, such as a laptop or a smartphone, and sign into the account they wish to protect. This can be done via USB, NFC, or Bluetooth. A button then is pressed on the Key which will cryptographically register the device to a user account. It’s not exactly necessary to carry around the Keys, but users will need to have at least one handy to sign in. Purchasers of Titan Keys can also enroll in Google’s Advanced Protection Platform, which provides a supplementary bundle of security measures.”
Canellis notes that crypto currency makes for a tempting target. While typical attacks net hackers a fraction of a cent per victim, a bad actor can make thousands of dollars from one successful attack. The Titan Keys work because they cut out the telecoms—there is no one for hackers to bamboozle. Navigate to the source article for more information on the device and how it works. Canellis observes what could be taken as a warning—today’s world of online banking and mobile apps makes for a less secure banking environment than we older folks grew up with.
Whom do we trust? Google? Another third party?
Cynthia Murrell, March 2, 2019