SIM swapping is reportedly on the rise. How do SIM swaps work, and what are the best ways to prevent them?
Mobile phones are often an important part of two-factor authentication (2FA) processes, but, like ordinary single-factor password processes, they carry certain security risks. For devices connected to cellular networks, SIM swaps can open a path for attackers to bypass authentication.
SIM swaps occur when a malicious actor using social engineering techniques convinces a cellphone carrier to switch the target's phone number to a new device. This can give the attacker access to bank accounts, credit card numbers and other sensitive information when 2FA systems use Short Message Service (SMS) -- ordinary text messages -- to send authentication codes to victims.
An in-depth report about SIM swaps and their impact was published last year by Brian Krebs, an information security journalist. Krebs found stealing cryptocurrency was one of the highest-profile types of SIM swap attack. In addition, the same attack could be used to access any 2FA system that relies on SMS authentication codes.
In one example, an attacker executed a SIM swapping attack against a target and was able to steal the target's cryptocurrency. The same attack could be conducted against banks or other financial accounts that rely on SMS for 2FA.
To defend against these attacks, Krebs suggested using an authentication app like Google Authenticator or hardware token-based authentication. If your carrier allows it, using a customer support password may also help.
Given the rise in attacks using SIM swaps, pressuring your cellular carrier to improve its operational security around SIM cards and accounts may also be needed. Migrating away from SMS-based authentication should be considered.