Thursday, September 21, 2017

This is How Hackers Can Empty Your Bitcoin Wallet And Bank Accounts Using Your Phone Number And Email Address

Nothing is safe in this 21st century anymore, and the recent happenings in the digital world make me wonder if anyone or anything is safe from those faceless prying eyes lurking in deep webs. Before now, I used to think that my bitcoin wallet is one of the safest things in the world but today I have reasons to believe that it can all go away with a few and correct punches on the computer keyboard. And in other to mitigate the risks of people online treasures being ripped away from them with technology, several companies introduced a 2-step verification which every user must pass before they can log into their accounts. 

Thought the security of this 2-step (call or SMS) based factor authentication has been long-debated and despite some known flaws in the Signalling System No. 7 (SS7), which is an internationally used telecom protocol to route texts and calls, many online entities continues to make use of it at a large scale in banking, social networking, and other services. And now a security research company known as Positive Technologies have hackers, once they get their hands on an SS7 network, can hack any online account with SMS-or-call-based 2factor authentication, by exploiting the vulnerabilities of SS7. And the hackers were also able to reset the passwords of several bitcoin wallets as well their Gmail passwords using SMS-based two-factor authentication.

The one-time password can be accessed on a variety of devices and services and this is one gigantic flaw in the SMS-based 2FA. On the other hand, the true 2FA, which is like a push notification popup, sends the verification prompt to one device. The security researchers did a video of how these vulnerabilities can be exploited.
They did a clear demonstration of how any bitcoin wallet or any other online financial account can be hacked and emptied just by intercepting the text messages containing the 2FA code while it is in transit. And hackers that choose to be referred to as security researchers can use this method to take control of any online account that is associated with that email, not just cryptocurrency accounts. This flaw puts your banking and social media accounts at risk. “This hack would work for any resource – real currency or virtual currency – that uses SMS for password recovery,” the researchers told Forbes.

However, for them to hack any account associated with 2FA, they will have to first gain access to an SS7 network, which according to them is a huge barrier, but with the right amount of fees can be bought on the deep web.

As a User, What Should I do?

Well, the SS7 flaw has been known to the telecom industries ab initio, so frankly, there isn't much you can till they work up and decrease these vulnerabilities. But you have to do well to choose a very secure alpha-numeric 20 or more digits password. And you can also use extra security tools like Google Authenticator, Google prompt, or security key for extra security. Finally, don't forget to share this article on SSL flaw attack to your friends and colleagues.

Also Read:   10 Interesting Facts About Bitcoin That You Must Know

If You Enjoyed this Post, Kindly take 5 Seconds and Share it With Your Friends on

No comments:

Post a Comment

***We ❤ to hear from you, Tell us Your views and opinion. Please note that comments are always moderated, Abusive comments won't be approved, and spammy comments are deleted automatically