Cygilant Blog

T-Mobile Port Out Scam Highlights Weakness in SMS-based Multi-Factor Authentication

Posted by Trevan Marden on Feb 9, 2018

mobile_security_2.jpgAs we have all likely heard, passwords are really not very secure these days; some would say they never have been. If you must use passwords, hopefully you take a few simple steps to make them more secure, such as making them long (12-30 characters) and complex (odd characters and no patterns). Perhaps you are using a generator to make them random and avoid dictionary words, pets’ or significant others’ names. If you’re striving for extra security you may have enabled second-factor authentication, to ensure you’ll receive a text, email, or other confirmation on a device you will likely have on you.

While still a good idea to enable, T-Mobile highlighted some of the flaws to this method this week warning customers of a “port out scam” targeting its customers. The attack works when hackers contact T-Mobile employees claiming to be customers with issues that they need to resolve by transferring the number to a new phone or SIM. The hackers are then able to gain access to the phone number, used by so many systems as a second factor authentication method. With access to this second factor, they may be able to reset and gain access to financial or social accounts.

While a large number of services only enable two-factor via SMS, a growing number are supporting hardware-based tokens, such as the U2F standard embraced by Google and others. With two-factor authentications based on a hardware device, access to the physical device itself, rather than an associated number, is required. This is likely the best option available currently.

But hackers will continue to their cat-and-mouse game, finding flaws in the best systems and exploiting them to gain access. For this reason, it’s important to remain vigilant in monitoring your devices and network for anomalous activity and unpatched vulnerabilities and quickly responding to any identified issues before they lead to a data breach. For organizations with limited resources, Cygilant’s SOCVue services provide the people, process, and technology to deliver 24x7 security monitoring, vulnerability and patch mangement at affordable costs.

Curious How SOCVue Can Help? Watch Now

Most Recent Posts

Subscribe to Email Updates