"How Device-Aware 2FA Can Defeat Social Engineering Attacks"
Hackers continue to sharpen their skills in executing social engineering attacks, increasing the rate at which they succeed in bypassing two-factor authentication (2FA) and hijacking accounts. SMS-based 2FA remains popular among financial institutions, email services, social networks, online marketplaces, and other service providers due to its convenience and ease of implementation. However, this form of 2FA is not secure because of SIM-jacking, also known as SIM-swapping, in which attackers use social engineering to trick mobile carriers into transferring control over a legitimate user's mobile account to them. SIM-jacking can allow attackers to obtain the SMS 2FA code delivered to a victim's registered cellphone number. Security experts propose the use of a more secure version of 2FA, called device-aware 2FA, to avoid such attacks. Device-aware 2FA would require a user to prove not only that they have access to the phone number associated with the account but also that they have access to the associated phone. This article continues to discuss how attackers are defeating conventional SMS-based 2FA through SIM-jacking, how device-aware 2FA can help prevent such attacks, and methods for recognizing devices.
Dark Reading reports "How Device-Aware 2FA Can Defeat Social Engineering Attacks"