CertiK reveals that SMS is the ‘most risky’ form of 2FA in use

Using SMS for 2FA has always been popular among crypto users because of its convenience: many of them already trade crypto on their phones, so why wouldn’t they use SMS?

Unfortunately, scammers have recently begun to exploit a weakness built into this security measure through SIM swapping, the process of redirecting a person’s SIM card to a phone owned by a hacker. In many places around the world, the employees involved will not ask for an identity card, face identification, or social security number to handle simple migration requests.

Combined with a quick search for publicly available personal information and easy-to-guess recovery questions, impersonators can quickly move the victim’s SMS 2FA to their own phone.

Earlier this year, many crypto YouTubers fell victim to a SIM-swap attack in which hackers posted scam videos on their channels with a message instructing viewers to transfer money to the hacker’s wallet. And in June, Duppies, a Solana nonfungible token (NFT) project, had its official Twitter account hacked via a SIM swap.

Jesse Leclere, CertiK’s security expert, said CertiK has helped more than 3,600 projects secure $360 billion in digital assets and has detected more than 66,000 vulnerabilities since 2018.

“SMS 2FA is just better than nothing, but it is the most vulnerable form of 2FA in use today. Its appeal comes from its ease of use, because most people use their phones or keep them close by when logging into online platforms. But the SIM-swapping vulnerability cannot be assessed.”

Leclere explains that dedicated authentication apps such as Google Authenticator, Authy or Duo offer the same convenience as SMS 2FA, but reduce the risk of SIM swapping. A phishing attack involving a SIM swap? For Leclere, the answer is no.

“We must remember that SIM-swap attacks rely on identity spoofing. If attackers can trick employees at telecom companies into thinking they actually own the legitimate number attached to the SIM, they can do so for eSIMs too.”

Finally, Leclere says that in addition to using an authentication app or security key, using a password manager makes it easier to create strong passwords without having to reuse them across multiple websites. “A strong, unique password and no SMS 2FA is the best form of account security,” he said.


The post “CertiK reveals that SMS is the ‘most risky’ form of 2FA in use” appeared first on Bitcoin Addict.