
Think Twice Before You Secure Account with SMS

Information security researcher points out that customer accounts might be exposed on the Dark Web.

Every single internet account might become a target.

LONDON, ENGLAND, July 05, 2017 /24-7PressRelease/ -- "Every single internet account might become a potential victim of industrial espionage and, as such, a potential target," according to Stefan Certic, a security researcher who gained recognition in 2013 by demonstrating a vulnerability in the 3G mobile standard that allows unauthorized call forwarding without user consent.

According to Certic, these attacks might be targeted at certain individuals through a very sophisticated scheme. The cause is a topology flaw in two-factor authentication combined with the stock-exchange-like trading system used by the telecom industry.

Despite calls from vendors around the globe to secure social media, email accounts and even bank logins using phone/SMS verification, the method is rather unsafe, according to the researcher. The telecom exchange market is a stock-exchange-like platform: the industry players offering the best price immediately get the traffic, and with it, we assume, your password reset messages too.

There is no mechanism in place that prevents a small company competing on the roaming exchange market from dropping the price of messaging specifically for your mobile operator, initiating a password reset, and then intercepting that message on its own platform, gaining unauthorized access that could be sold to someone. In fact, pricing below the industry standard produces fictitious losses, and therefore significant tax benefits, while tax-free profit is made from the black-market trades.

Certic documented the whole scenario, including a specific case, in his publication "2 Factor Authentication (2FA) vulnerabilities", downloadable from his website (https://www.certic.info/publications.php). The case study points to a hack that took place in 2016.

In conclusion, it is far better to secure your sensitive data using the various OTP applications already available. As long as you can retrieve your password using an SMS or voice code, you might not be secure at all.

Stefan Certic gained recognition in the field of cyber security shortly after publishing the academic paper "The Future of Mobile Security", which describes a vulnerability in the 3G standards allowing call forwarding without user consent. Followed by a demonstration of the exploit at Mobile World Congress in Barcelona, it has been discussed within the technology community, leading to multiple academic research efforts in the field of mobile security. Prior to his research projects, he built a successful career as Chief Technology Officer and Chief Security Consultant for multiple British mobile operators. Official Web: https://www.certic.info


Contact Information


Stefan Certic

London, GB
United Kingdom
Voice: +442081444483