Contact Us

How (M)Secure Are You?

Phone call-based authentication is vulnerable to call forwarding exploit.
  • <strong>CS Networks Logo</strong>
    LONDON, ENGLAND, April 30, 2013 /24-7PressRelease/ -- According to a research conducted by CS Networks, a global provider of mobile security and messaging products, modern technology is facing dramatic security concerns in the approaches of two-step verification, especially the phone call-based one. Results are pointing to a serious exploit. "Your calls may be forwarded at any time without your knowledge."

Recent technology developments have resulted in the merging of legacy SS7 telephone network and Internet in a bid to cut down the expenses incurred by mobile operators. There is an industry-wide adoption of those hybrid products. However, a lack of access control in the legacy network protocols that are now exposed to attacks via internet may come with a price.

According to the tests performed, more than 60% of randomly selected mobile operators are prone to unauthorized call forwarding. An attacker can easily get all the information needed, such as a customer's SIM Card IMSI, to authorize himself on the network and send a specially crafted packet activating the card forwarding service with a destination number of his choice.

In practice, an attacker with the knowledge of the customer's valid phone number can easily click on "Forgot Password" button and wait for the password reset call confirmation PIN. - It's simple as that, according to Stefan Certic, Chief Technologies Officer of CS Networks.

In a recent research paper - The Future of Mobile Security, Stefan is describing (M)Secure, a next-generation two-step authentication product relying on a patent pending call forwarding indication technology. "The goal is to prevent bad guys from stealing your sensitive data by disabling a call to an active call forwarding subscriber."

Company executives are inviting all interested service providers to a quick demonstration of the security exploit.

"All interested companies are more then welcome to apply for live demonstration of the forwarding exploit. The (M)Secure technology has already found its way to a large number of banking and financial institutions after a successful presentation at the Mobile World Congress as recent hacks of major industry players have shown that traditional authentication methods are no longer enough".

For further information, please visit the website: http://www.cs-networks.net


# # #

Read more Press Releases from Stefan Certic:


Comment on this story...

Share This Story


Email this Story

Contact Information


Stefan Certic
CS Network Solutions Limited

London
United Kingdom
Voice: +442071930447
E-Mail: Email Us Here
Website: Visit Our Website

Like This Story?


I like it! 0

Disclaimer


If you have any questions regarding information in this press release, please contact the person listed in the contact module of this page. Please do not attempt to contact 24-7 Press Release Newswire. We are unable to assist you with any information regarding this release. 24-7 Press Release Newswire disclaims any content contained in this press release. Please see our complete Terms of Service disclaimer for more information.