SIM Swapping: A Big Cyber Security Threat, or Does It Really Matter?


Updating your password regularly, using two-factor authentication and similar measures are the regular suggestions for curbing cybersecurity threats, but much of the discussion has not been on the inherent dangers of SIM swapping, especially if you are a business owner.

SIM swapping appears to be a big deal and you need to be very careful about it. This is because Jack Dorsey, CEO of Twitter, recently got his details hacked through SIM swapping!

It is a big deal that requires serious caution if the Twitter account of the CEO of a company of that calibre could get hacked, just like that, because of SIM swapping!

Luckily, the method used in hacking through SIM swapping requires quite an effort from hackers, along with some technical know-how and a significant degree of chance, to break through. That is why such cases have not been recorded yet.

Once the hacker has your phone number, all they need to do is convince a front desk officer (with access to your customer records), and then they go ahead to swap your number to their SIM.

After the Jack Dorsey incident, Allison Nixon, Director of Security Research at Flashpoint, noted that “If you build a website that uses SMS-based 2FA and you also allow the same phone number for use in password reset, you just built a self-defeating login process. And you should feel bad.”

The use of phone numbers to serve as security protection against cyber-attacks is rather faulty, since an average password and two-factor authentication normally involve a phone number.

A phone number, however, has to be involved, since it allows your service provider to authenticate that the phone you registered on their platform belongs to you.

The truth is that our phone numbers are really vulnerable, but despite this, not many people see SIM swapping as a major threat to cybersecurity, since it is not a common attack.

The threat also presents an unfortunate case, as you try to strike a balance between the process that a customer ought to fulfil and the difficulty for the hacker to break through to your details.

The more complex it gets for the hacker, the tougher it would also be for your customer. The presence of complexity in your system might just make your customer sign up with another service or product provider.

Even with indications showing that you have their best interest at heart, they seek somewhere else, and this might appear a good enough reason for most companies to discard the threat of SIM swapping, for fear of losing customers.

They do not fancy its chances of happening, so no one wants to go through the hard work of securing their system.

Nixon suggested that accounts where a phone number is used to reset a password should be placed on probation, or require additional verification using non-public information, in order to prevent cyber attacks using the SIM.
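One way a login system could apply that suggestion, together with Nixon's point about SMS 2FA and password reset sharing a number, is sketched below. This is an added example, not code from the article, Nixon or Flashpoint; the three-day probation window, the action names, the `Account` fields and the phone number are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

# Assumed values: the article names neither a probation length nor specific actions.
PROBATION = timedelta(days=3)
SENSITIVE = {"change_email", "change_phone", "disable_2fa", "withdraw"}

@dataclass
class Account:
    phone: str
    phone_reset_at: Optional[datetime] = None     # last password reset done via the phone number
    extra_verified_at: Optional[datetime] = None  # last check using non-public information

def record_phone_reset(acct: Account, now: datetime) -> None:
    """A phone-based reset starts probation and voids any earlier extra verification."""
    acct.phone_reset_at = now
    acct.extra_verified_at = None

def on_probation(acct: Account, now: datetime) -> bool:
    return acct.phone_reset_at is not None and now - acct.phone_reset_at < PROBATION

def second_factor_ok(acct: Account, method: str, target: str, now: datetime) -> bool:
    """Reject SMS codes sent to the number that just reset the password:
    whoever controls that SIM would otherwise pass both steps."""
    if method == "sms" and target == acct.phone and on_probation(acct, now):
        return False
    return method in {"sms", "totp", "security_key"}

def authorize(acct: Account, action: str, now: datetime) -> str:
    """Return 'allow', or 'verify' when non-public information must be checked first."""
    if action not in SENSITIVE or not on_probation(acct, now):
        return "allow"
    if acct.extra_verified_at is not None and acct.extra_verified_at >= acct.phone_reset_at:
        return "allow"
    return "verify"

def demo() -> list:
    """Constructed timeline: reset by SMS, then attempts during and after probation."""
    t0 = datetime(2024, 1, 1, 12, 0)
    acct = Account(phone="+15550100")  # constructed number
    record_phone_reset(acct, t0)
    out = [second_factor_ok(acct, "sms", "+15550100", t0 + timedelta(minutes=1)),
           authorize(acct, "change_email", t0 + timedelta(hours=1))]
    acct.extra_verified_at = t0 + timedelta(hours=2)  # user passed the extra check
    out.append(authorize(acct, "change_email", t0 + timedelta(hours=3)))
    out.append(second_factor_ok(acct, "sms", "+15550100", t0 + PROBATION))
    return out
```

The trade-off the article describes shows up in `authorize`: ordinary actions stay frictionless during probation, and only the sensitive ones trigger the extra step.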

Featured Image: cyberintro.net
