Geekzone: technology news, blogs, forums




88 posts

Master Geek

Subscriber

# 246671 15-Feb-2019 17:49

Overseas YouTube tech channels say that using SMS for 2FA is not very effective; thieves just have to persuade a telco to do a SIM swap on your phone number.  However, that's what the ASB gives me for my personal accounts.

 

(I have access to a business account at the ASB and an RSA code generator is used.)

 

Has the SIM swap attack been used in NZ?  Should I ask the ASB to do better?


15395 posts

Uber Geek

Trusted
Subscriber

  # 2181070 15-Feb-2019 18:23

Theoretically SMS for 2FA can be broken, and if you're a high value target then you probably want better. Hardware tokens are better. But for most people, with daily transaction limits in place, my opinion is SMS is adequate. Remember it's only to authorise transactions, so they'd need your password to log in, initiate a transaction, and then MFA to authorise it.


1047 posts

Uber Geek


  # 2181115 15-Feb-2019 21:25

You can request an RSA token for personal banking as well. I have one because SMS isn't always fast and reliable, and I refused to pay $0.20 each time the bank sent me a text when I exceeded whatever arbitrarily low transaction limit they set at the time. They no longer charge for the SMS, but they do still charge for the RSA token ($1 per month)... should be standard IMO.


 
 
 
 


5577 posts

Uber Geek

Trusted
Lifetime subscriber

  # 2181142 15-Feb-2019 23:01

Both Vodafone & Spark have stopped online / over the phone SIM swaps. Not sure about 2degrees.






15271 posts

Uber Geek


  # 2181149 16-Feb-2019 00:56

SirHumphreyAppleby:

 

You can request an RSA token for personal banking as well. I have one because SMS isn't always fast and reliable, and I refused to pay $0.20 each time the bank sent me a text when I exceeded whatever arbitrarily low transaction limit they set at the time. They no longer charge for the SMS, but they do still charge for the RSA token ($1 per month)... should be standard IMO.

 

 

 

 

Banks like Rabodirect provide the digipass tokens free, and BNZ use a grid of numbers. But other banks like TSB charge for the token, but have SMS as an alternative.


436 posts

Ultimate Geek
Inactive user


  # 2181179 16-Feb-2019 09:04

jlittle:

 

Overseas YouTube tech channels say that using SMS for 2FA is not very effective; thieves just have to persuade a telco to do a SIM swap on your phone number.  However, that's what the ASB gives me for my personal accounts.

 

(I have access to a business account at the ASB and an RSA code generator is used.)

 

Has the SIM swap attack been used in NZ?  Should I ask the ASB to do better?

 

 

A SIM swap would disable your existing SIM. It would require local (NZ) presence which most thieves at that end would not be interested in as their image would likely be captured.

 

The more serious attacks involve SIM cloning. That involves local presence and a lot of work.

 

Both are theoretically possible, but are highly unlikely; in fact, if you had a physical token it'd probably be easier just to nick that from you than mess around with SIMs. Or just nick your phone.


5216 posts

Uber Geek

Trusted
Microsoft

  # 2181181 16-Feb-2019 09:10

Any serious "hacker" is simply going to use the SS7 protocol vulnerabilities.

 

It's no wonder a 1975 set of standards has vulnerabilities, when it's still in use 44 years later with cost-prohibitive fixes.

