With the development of the digital world, the need to secure customer information has evolved as well. Customers today expect a secure experience from organizations. Increased use of cloud services and mobile phones has also increased the risk of data breaches. Do you know that total losses increased 61% to 2.3 billion krónur and incidents increased to 31% compared to 2014?
SMS-based one-time passwords (OTPs) are a technology devised to deal with phishing and other authentication-related security risks in the web world. Generally, SMS-based OTPs are used as an additional factor in two-step verification (2FA) solutions. Users must submit a unique OTP after entering their credentials to verify themselves to the website. 2FA has become an effective way to reduce hacking incidents and prevent fraud.
But unfortunately, SMS-based OTP is no longer safe nowadays. There are two main reasons behind this:
- First, the basic security of SMS-based OTP rests on the privacy of the text message. But SMS relies on the security of the mobile network, and recently it has become apparent for many GSM and 3G networks that the privacy of these messages cannot be guaranteed.
- Secondly, hackers are trying their best to get at customer data and have therefore developed many specialized mobile trojans to access it.
Let's talk about them in detail!
Top Risks Related to SMS-Based OTP:
The main goal of the attacker is to acquire this one-time password, and to make that possible many options have been developed, such as mobile trojans, wireless interception, and SIM swap attacks. Let's discuss them in detail:
1. Wireless interception:
There are many factors that make GSM technology less secure, such as the lack of mutual authentication and the lack of strong encryption algorithms. It has also been found that communication between mobile phones and base stations can be intercepted and, with the help of some protocol weaknesses, decrypted. In addition, it has been found that by abusing femtocells, 3G communications can also be intercepted. In this attack, modified hardware is installed on the femtocell. This modification includes the ability to sniff and intercept traffic. These devices can also be used to mount attacks against mobile phones.
2. Mobile phone trojans:
The latest growing threat to mobile phones is mobile malware, especially trojans. This malware is designed specifically to intercept SMS messages containing one-time passwords. The main goal of creating such malware is to make money. Let's look at the different types of trojans that can capture SMS-based OTPs.
The first known trojan was ZITMO (Zeus In The Mobile) for Symbian OS. This trojan was developed to intercept mTANs. It has the ability to register itself with Symbian OS so that it can capture SMS messages.
A similar kind of trojan for Windows Mobile was identified in February 2011, referred to as Trojan-Spy.WinCE.Zot.a. The features of this trojan were similar to those above.
Trojans for Android and BlackBerry (RIM) also exist. All of these known trojans are user-installed software, and therefore they do not exploit security vulnerabilities of the affected platform. Instead, they use social engineering to convince the user to install the binary.
3. Free Public Wi-Fi and Hotspots:
Nowadays, it's no longer difficult for hackers to use an insecure Wi-Fi network to spread malware. Planting infected software on your mobile phone is no longer a difficult task if you allow file sharing over the internet. In addition, some criminals also have the ability to compromise the connection points. They then show a pop-up during the connection process asking users to update some popular software.
4. SMS Encryption and Duplication:
SMS messages sent from the organization to customers are transmitted in plain-text form. They also pass through several intermediaries such as the SMS aggregator, mobile vendor, application management vendor, etc. Collusion between a hacker and any intermediary with weak security controls can create great risks. In addition, hackers often get the SIM blocked by providing false proof of identity and acquire a duplicate SIM by visiting the network operator's retail outlets. The hacker then has access to every OTP that arrives at that number.
Madware is a type of aggressive advertising that delivers targeted ads using the smartphone's data and location, in exchange for free mobile apps. But some of this malware can function like spyware, capturing your personal information and transferring it to the app owner.
What is the solution?
Employing some precautions is necessary to ensure security against the vulnerabilities of SMS-based one-time passwords. There are many solutions, such as introducing hardware tokens. In this approach, when you perform a transaction, the token generates a one-time password. Another option is to use a simple confirmation process. In addition, you may be required to install an application on your mobile phone to generate the OTP. Below are two additional tips to secure SMS-based OTP:
1. SMS end-to-end encryption:
In this approach, end-to-end encryption is used to protect the one-time password, so that it is unusable if the SMS is intercepted. It makes use of the "application private storage" available on most mobile phones nowadays. This persistent storage area is private to each application. The data can only be accessed by the application that stored it. In this process, the first step is the same method of generating an OTP, but in the second step the OTP is encrypted by the business's software and sent to the customer's mobile phone. On the receiving phone, a dedicated application displays the OTP after decrypting it. This means that even if a trojan can access the SMS, it will not be able to decrypt the OTP because it does not have the key.
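The two-step flow described above, as an added Python example (not code from the article or from any product): the server encrypts the OTP and the OTP application, holding the same key in its private storage, decrypts and authenticates it. The per-customer key provisioned at enrolment, the function names, and the HMAC-SHA256 encrypt-then-MAC construction (a standard-library stand-in for an AEAD cipher such as AES-GCM) are assumptions.

```python
import base64, hashlib, hmac, secrets

def _subkeys(customer_key: bytes):
    # Derive separate encryption and authentication keys from the shared key.
    enc = hmac.new(customer_key, b"otp-enc", hashlib.sha256).digest()
    mac = hmac.new(customer_key, b"otp-mac", hashlib.sha256).digest()
    return enc, mac

def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    # HMAC-SHA256 as a PRF; one 32-byte block covers any OTP.
    return hmac.new(enc_key, nonce, hashlib.sha256).digest()[:length]

def server_encrypt_otp(customer_key: bytes, otp: str) -> str:
    """Server side, second step: encrypt the OTP and return the SMS body."""
    pt = otp.encode()
    if len(pt) > 32:
        raise ValueError("OTP too long for a single keystream block")
    enc_key, mac_key = _subkeys(customer_key)
    nonce = secrets.token_bytes(12)  # fresh per message, never reused
    ct = bytes(a ^ b for a, b in zip(pt, _keystream(enc_key, nonce, len(pt))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()[:16]
    return base64.urlsafe_b64encode(nonce + ct + tag).decode()

def app_decrypt_otp(stored_key: bytes, sms_body: str):
    """OTP app on the phone: key comes from application private storage.
    Returns the OTP, or None if the message does not authenticate."""
    try:
        raw = base64.urlsafe_b64decode(sms_body.encode())
    except ValueError:
        return None
    if len(raw) < 12 + 1 + 16:
        return None
    nonce, ct, tag = raw[:12], raw[12:-16], raw[-16:]
    enc_key, mac_key = _subkeys(stored_key)
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()[:16]
    if not hmac.compare_digest(tag, expected):
        return None  # wrong key or altered message
    pt = bytes(a ^ b for a, b in zip(ct, _keystream(enc_key, nonce, len(ct))))
    return pt.decode()

if __name__ == "__main__":
    key = secrets.token_bytes(32)            # constructed enrolment key
    sms = server_encrypt_otp(key, "493027")  # constructed OTP
    print("SMS body:", sms)
    print("OTP app shows:", app_decrypt_otp(key, sms))
    print("Reader without the key:", app_decrypt_otp(secrets.token_bytes(32), sms))
```

The SMS body for a six-digit OTP is 48 characters, so it fits in a single message; anything that reads the SMS without the stored key gets only the opaque token.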
2. Virtual dedicated mobile channel:
Phone trojans are the biggest threat to SMS-based OTP, and performing trojan attacks on a large scale is no longer difficult. This approach requires minimal support from the OS and minimal-to-no support from mobile operators. In this solution, certain SMS messages are protected against eavesdropping by delivering them only to a special channel or application. The process requires a dedicated virtual channel in the mobile phone OS. This channel redirects some messages to a particular OTP application, making them safe against eavesdropping. The use of application private storage ensures the security of this protection.
Finally, no matter what method you choose, no technology can guarantee you 100% security. The key here is to stay attentive and up to date with the rapid changes that occur in technology.
Source by Prince Kapoor