Geekzone: technology news, blogs, forums




77 posts

Master Geek
+1 received by user: 15

Subscriber

Topic # 246671 15-Feb-2019 17:49

Overseas YouTube tech channels say that using SMS for 2FA is not very effective; thieves just have to persuade a telco to do a SIM swap on your phone number.  However, that's what the ASB gives me for my personal accounts.

 

(I have access to a business account at the ASB and an RSA code generator is used.)

 

Has the SIM swap attack been used in NZ?  Should I ask the ASB to do better?


14507 posts

Uber Geek
+1 received by user: 2669

Trusted
Subscriber

  Reply # 2181070 15-Feb-2019 18:23

Theoretically SMS for 2FA can be broken, and if you're a high value target then you probably want better. Hardware tokens are better. But for most people, with daily transaction limits in place, my opinion is SMS is adequate. Remember it's only to authorise transactions, so they'd need your password to log in, initiate a transaction, and then MFA to authorise it.





AWS Certified Solution Architect Professional, Sysop Administrator Associate, and Developer Associate
TOGAF certified enterprise architect
Professional photographer


674 posts

Ultimate Geek
+1 received by user: 317


  Reply # 2181115 15-Feb-2019 21:25

You can request an RSA token for personal banking as well. I have one because SMS isn't always fast and reliable, and I refused to pay $0.20 each time the bank sent me a text when I exceeded whatever arbitrarily low transaction limit they set at the time. They no longer charge for the SMS, but they do still charge for the RSA token ($1 per month)... should be standard IMO.


 
 
 
 


5389 posts

Uber Geek
+1 received by user: 2457

Trusted
Lifetime subscriber

  Reply # 2181142 15-Feb-2019 23:01

Both Vodafone & Spark have stopped online / over the phone SIM swaps. Not sure about 2degrees.




Chorus has spent $1.4 billion on making their xDSL broadband network faster. If you're still stuck on ADSL or VDSL, why not spend from $150 on a master filter install to make sure you are getting the most out of your connection?
I install - Naked DSL, DSL Master Splitters, VoIP, data cabling and general computer support for home and small business.
Rural Broadband RBI installer for Ultimate Broadband and Full Flavour

 

Need help in Auckland, Waikato or BoP? Click my email button, or email me direct: [my user name] at geekzonemail dot com


14666 posts

Uber Geek
+1 received by user: 1969


  Reply # 2181149 16-Feb-2019 00:56

SirHumphreyAppleby:

 

You can request an RSA token for personal banking as well. I have one because SMS isn't always fast and reliable, and I refused to pay $0.20 each time the bank sent me a text when I exceeded whatever arbitrarily low transaction limit they set at the time. They no longer charge for the SMS, but they do still charge for the RSA token ($1 per month)... should be standard IMO.

 

 

 

 

Banks like Rabodirect provide the digipass tokens free, and BNZ use a grid of numbers. But other banks like TSB charge for the token, but have SMS as an alternative.


441 posts

Ultimate Geek
+1 received by user: 150


  Reply # 2181179 16-Feb-2019 09:04

jlittle:

 

Overseas YouTube tech channels say that using SMS for 2FA is not very effective; thieves just have to persuade a telco to do a SIM swap on your phone number.  However, that's what the ASB gives me for my personal accounts.

 

(I have access to a business account at the ASB and an RSA code generator is used.)

 

Has the SIM swap attack been used in NZ?  Should I ask the ASB to do better?

 

 

A SIM swap would disable your existing SIM. It would require local (NZ) presence which most thieves at that end would not be interested in as their image would likely be captured.

 

The more serious attacks involve SIM cloning. That involves local presence and a lot of work.

 

Both are theoretically possible, but are highly unlikely; in fact, if you had a physical token it'd probably be easier just to nick that from you than mess around with SIMs. Or just nick your phone.


5076 posts

Uber Geek
+1 received by user: 1405

Trusted
Microsoft

  Reply # 2181181 16-Feb-2019 09:10

Any serious "hacker" is simply going to use the SS7 protocol vulnerabilities.

It's no wonder a 1975 set of standards has vulnerabilities, when it's still in use 44 years later with cost-prohibitive fixes.

