Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.
ForumsMobile handsets2 factor authentication and mobile security issues in NZ


11 posts

Geek


Topic # 199135 5-Aug-2016 18:24
Send private message

Recently there has been some talk regarding people getting their email accounts hacked even though they are using 2FA. This was achieved by the attacker impersonating the victim by calling the victim's mobile provider and getting a replacement sim sent to the attacker, giving the attacker access to the victim's phone (and therefore access to their 2FA).

 

It has been recommended that we get a second (cheap) cellphone with a seperate sim card not linked to our identity to avoid this - does anyone have any experience with this, is it necessary or excessive?

 

By the way I've tried searching for this topic already using the Search function but the search function doesn't seem to be working (see screenshot), cheers

 

 

 

Click to see full size

Create new topic
5043 posts

Uber Geek
+1 received by user: 1618


  Reply # 1605158 5-Aug-2016 18:26
Send private message

Turn your adblocker off. Search will then work.

21389 posts

Uber Geek
+1 received by user: 4336

Trusted
Subscriber

  Reply # 1605162 5-Aug-2016 18:38
Send private message

I have a seperate phone for 2 factor now. Friend had a work phone ported to some other sim card. Telco didnt seem to care and just put it back on the right sim card. All you need to port to a prepay sim is the number and account number when I last did it, 2 things people do not really keep that closely guarded.




Richard rich.ms

BDFL - Memuneh
61192 posts

Uber Geek
+1 received by user: 11974

Administrator
Trusted
Geekzone
Lifetime subscriber

  Reply # 1605164 5-Aug-2016 18:44
Send private message

I personally try to use an authenticator app - Authy is good as it syncs between platforms (mobile and desktop). LastPass is offering this now as well. 

 

For those few services that want to use a mobile for authentication I try using a non-NZ number I have (Google Voice) where possible.




Backblaze cloud backup (personal and business) | Geekzone broadband switch | Amazon (Geekzone aff) | MightyApe (Geekzone aff)

 

My technology disclosure  | Business Transformation | Enterprise Content Management | Customer Relationship Management

 

 

583 posts

Ultimate Geek
+1 received by user: 175


  Reply # 1605177 5-Aug-2016 19:03
Send private message

Are you referring to what's happening in the Youtube community? Popular Youtube Channels are being hacked using this method.

Example:

21389 posts

Uber Geek
+1 received by user: 4336

Trusted
Subscriber

  Reply # 1605178 5-Aug-2016 19:08
Send private message

Yes, Telcos do not take security seriously so any prick can bluff their way into getting a sim swap or else you can just do a port to 2degrees with only the phone num and account number for on account, or phone and sim number for prepaid.

 

I used to have a spreadsheet of sims to keep track of when I need to top each one up to keep it alive, stopped that since its all that is needed to steal the numbers.




Richard rich.ms

Create new topic

Twitter »

Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Updates »

Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.