Your Cryptocurrency Might Be In Danger If Using Text Based Two Factor Authentication!
There is a vulnerability in the cellular network texting system which may jeopardize your cryptocurrency assets.
Texting uses the SS7 (Signalling System Number Seven) protocols worldwide. Unfortunately, SS7 has vulnerabilities that allow eavesdropping on text messages. Here is one possible attack. Suppose a Coinbase and Gmail user configures their Gmail account to use text-based two-factor authentication. Here is how an attacker could obtain access to the Coinbase account:
1. Use the Gmail email address recovery procedure to determine the email address by intercepting the corresponding text.
2. Use the Gmail password reset procedure to gain access by intercepting the corresponding text.
3. Use the Coinbase password reset procedure specifying the Gmail email address as the username and intercepting the corresponding email.
Here is a demo of this attack:
Instead, use other forms of two-factor authentication, such as the Google Authenticator smartphone application. Of course, this will only be safe if your smartphone does not also have other vulnerabilities.
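The chain above (text message, then mailbox, then exchange account) can be audited for your own accounts. The following Python sketch is an added example, not part of the original article; the account inventory, the channel names and the assumption that any single listed recovery channel is enough to reset an account are all constructed for illustration.

```python
"""Audit which accounts fall if text messages can be intercepted.

Added example. Assumption: any single recovery channel listed for an
account is sufficient to reset that account's password.
"""

# Constructed inventory: account -> channels that can reset it.
# "email:<name>" means a reset link is sent to that mailbox.
SMS_SETUP = {
    "gmail": ["sms"],
    "coinbase": ["email:gmail"],
}
APP_SETUP = {
    "gmail": ["authenticator_app"],
    "coinbase": ["email:gmail"],
}


def exposed_accounts(accounts, interceptable=("sms",)):
    """Map each exposed account to the chain of channels leading to it."""
    chains = {}
    changed = True
    while changed:  # iterate to a fixed point so chains of any length resolve
        changed = False
        for name, channels in accounts.items():
            if name in chains:
                continue
            for channel in channels:
                if channel in interceptable:
                    chains[name] = [channel]
                elif channel.startswith("email:"):
                    mailbox = channel.split(":", 1)[1]
                    if mailbox not in chains:
                        continue  # mailbox itself is not exposed (yet)
                    chains[name] = chains[mailbox] + [channel]
                else:
                    continue  # channel does not depend on text messages
                changed = True
                break
    return chains


if __name__ == "__main__":
    for label, setup in (("SMS", SMS_SETUP), ("app", APP_SETUP)):
        print(label, exposed_accounts(setup))
```

An account that keeps a text message as a fallback next to an authenticator app is still reported as exposed, because the weakest listed channel decides the result.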
Feel free to leave any comments or questions below. You can also contact me by email at cs@etcplanet.org.
I would like to thank Spicyjack of the San Diego Kernel Panic Linux User Group (KPLUG) for his help with this article.
This work is licensed under the Creative Commons Attribution ShareAlike 4.0 International License.
Published at Sat, 31 Aug 2019 22:33:25 +0000
