Back

Cyber Security and SMS

12 June 2018, 8:00 AM
Police/Court
radiocayman

OfReg has released information warning banks and large corporations of the dangers of using two-step SMS verification.

SMS verification is typically found in any provider of an online account, such as banking, email, airline reservations, and social media. The system requires users to first log in with a user name and password. A text message is then sent to the individual, prompting them to enter a unique passcode as a form of verification that he or she is the authorised user.

However, according to information published by OfReg, this method of verification is increasingly becoming one of the least secure systems available.

By tricking mobile carriers into moving a phone number to a new device, hackers are able to spy on unaware victims in what is known as a SIM swap. Weaknesses in mobile telecom systems also allow attackers to spy on phones by listening to calls and intercepting text messages. Malware also leaves users’ SMS messages vulnerable to interception, while fake mobile sites are set up to trick users.

“Two-step SMS verification has become the norm for securing accounts,” said Alee Fa’amoe, OfReg deputy CEO and executive director ICT. “However this system is susceptible to phishing attempts by cybercriminals.”

Mr Fa’amoe continued: “Any service provider who uses SMS text messages as part of an authentication process for their customers’ online accounts could be at risk to a vulnerability that comes, not from their own systems, but from the telecommunications networks. We urge everyone to stay informed and be aware of the risks associated with SMS and its related technologies.”

Corporations like Google and Microsoft have already begun pushing users to switch from SMS verification to a system where prompts are received via a trusted app, also known as an authentication app.

“It is imperative that cyber security continues to evolve,” said Mr Fa’amoe. “With the ever-changing nature of technology, the world is faced with an ongoing struggle to combat cybercrime. Unfortunately there is no easy fix for these kinds of vulnerabilities. We can only recommend that Cayman’s organisations carefully review their processes for authorising digital transactions; doing so in a way that avoids SMS text messages.”

OfReg’s full report on the risks of text message authentication can be found at OfReg.ky.

Quick links
Talk Shows
Radio Cayman on facebook
Tweets