SIM swapping attacks involve tricking or bribing a phone company into assigning someone else's phone number to you; once you have the number, you can intercept SMS-based two-factor authentication messages and use them to take over accounts.
Though SIM swapping is laughably easy (thanks to lax security in the mobile phone industry), it's still not fully automatable, so SIM-swapping attacks usually go after higher-value targets: valuable social media handles, domain takeovers, and cryptocurrency wallet hacks.
Last weekend, parties unknown launched a wave of SIM-swap attacks against US cryptocurrency owners, succeeding in some cases, with at least one $100k score.
Some of the targets were saved by their use of hardware tokens or mobile apps for their two-factor authentication. 2FA is generally very effective, even against targeted attacks; using a separate app or token is an extremely powerful form of security.
ZDNet also spoke with some of the other victims over the weekend. Some candidly admitted to losing funds, while others said the SIM swapping attacks were unsuccessful because they switched to using hardware security tokens to protect accounts, instead of the classic SMS-based 2FA system.
One victim, who wanted to remain anonymous, said that once hackers realized access to cryptocurrency exchange accounts was not possible, intruders quickly switched tactics and targeted social media and email accounts, successfully hijacking the victim's Instagram account.
This exact same thing also appears to have happened to other users, with hackers taking over social media accounts over the past week when they realized they couldn't access cryptocurrency accounts.
Wave of SIM swapping attacks hit US cryptocurrency users [Catalin Cimpanu/ZDNet]