How easy is a SIM swap attack? Here’s how to prevent one

Despite the rise of cybersecurity infrastructure, online identities still face many risks, including those related to the hacking of users’ phone numbers.

In early July, LayerZero CEO Bryan Pellegrino became one of the latest victims of a SIM-swapping attack that gave hackers a temporary takeover of his Twitter account.

“My guess is that someone snatched my badge from the trash and somehow tricked the sales rep into using it as a form of ID for a SIM swap while I was away from Collision,” Pellegrino said in an interview. wrote shortly after returning to the Twitter account.

“It’s ‘Brian Pellegrino – Speaker,’ just a normal paper conference badge,” Pellegrino told Cointelegraph.

The accident involving Pellegrino could lead users to think that performing a SIM swap hack is as easy as snatching someone’s badge. Cointelegraph has contacted some cryptocurrency security firms to find out if this is the case.

What is a SIM swap hack?

SIM swap hacking is a form of identity theft in which an attacker takes over a victim’s phone number, giving them access to bank accounts, credit cards, or encrypted accounts.

In 2021, the FBI received More than 1,600 SIM swap complaints involving over $68 million in damages. Hugh Brooks, Director of Security Operations at CertiK, told Cointelegraph that complaints received have increased by 400% compared to the previous three years, indicating that SIM swapping is “definitely on the rise.”

“If SMS-based 2FA isn’t abandoned, and telecom providers don’t improve their security standards, we’re likely to see attacks continue to grow,” Brooks said.

SlowMist chief information security officer “23pds” said that SIM swapping is not very common yet, but has great potential to rise further in the near future. He said:

“As Web3 grows in popularity and attracts more people into the industry, the potential for SIM swapping attacks increases due to its relatively low technical requirements.”

The SlowMist executive cited a number of cases over the past few years involving SIM-swapping hacks in the encryption space. In October 2021, Coinbase will be officially launched disclosed Hackers have stolen the passwords of at least 6,000 customers due to a two-factor authentication (2FA) flaw. Previously, British hacker Joseph O’Connor was indicted in 2019 for multiple SIM swap hacks that stole around $800,000 in cryptocurrency.

How hard is it to perform the SIM swap hack?

According to CertiK executives, SIM-swapping hacks can often be accomplished using publicly available information or information obtained through social engineering.

“Overall, SIM swapping may be seen as a lower barrier to entry for attackers than more technically demanding attacks such as smart contract vulnerabilities or exchange hacking,” Brooks said.

SlowMist’s 23pds agree that SIM swapping does not require a high level of technical skill. He also noted that such SIM swapping is “common even in the Web2 world,” so it’s “not surprising” to see it pop up in a Web3 environment.

23pds said: “Using social engineering to deceive the relevant operator or customer service personnel is often easier to execute.”

How to prevent SIM swap hacking?

Since SIM-swapping attacks are generally considered to require little technical skill from the hacker, users must take care of their identities to prevent such hacks.

The core protection against SIM swap hacking is to restrict the use of SIM-based 2FA authentication methods. Hacken’s Budorin pointed out that people should be better off using apps like Google Authenticator or Authy, rather than relying on methods like SMS.

SlowMist’s 23pds also mentions more strategies like multi-factor authentication and enhanced account verification like additional passwords. He also strongly recommends that users establish a secure PIN or password for SIM cards or mobile phone accounts.

related: NFTs Worth Over $765,000 Stolen After Gutter Cat Gang Suffers SIM Swap Attack

Another way to avoid SIM swapping is to protect personal data such as names, addresses, phone numbers and dates of birth. 23pds by SlowMist also recommends checking online accounts for any unusual activity.

CertiK’s Brooks emphasized that platforms should also be responsible for promoting secure 2FA practices. For example, companies could require additional verification before allowing changes to account information and educate users about the risks of SIM swapping.

Additional reporting by Cointelegraph editor Felix Ng.

Magazine: Asia Express: China Expands CBDC Tentacles, Malaysia Is Hong Kong’s New Crypto Competitor

Svlook

Leave a Reply

Your email address will not be published. Required fields are marked *