Using SMS for two-factor authentication is dangerous

If you’ve used any types of services on the internet in the past few years, you’ve probably heard about two-factor authorization. Essentially, it is a method of authorization that uses your password, PIN code, FaceID or fingerprint to authorize you but in addition to this, immediately requests authentication using another method – email, phone call, push notification or SMS. Two-factor authentication is a great way to protect yourself and your information on the internet, but did you know that not all methods of two-factor authentication are equally safe? In fact, security experts have been warning the general public about the dangers of using SMS for two-factor authentication, as it is fairly easy to intercept SMS messages and gain access to your accounts, private information, online banking and virtually anything else.

How can hackers intercept SMS messages during authentication?

There are several ways a hacker can intercept SMS messages sent to your phone for authentication purposes. First of all, your SMS messages can easily be intercepted by law enforcement, security services or other parties if your phone is bugged. If this happens, the people who bugged your phone will not only gain access to your phone conversations, they will also be able to get access to your email, social media and other accounts, which exposes you greatly.

Another way hackers can gain access to your SIM card is simply by claiming that they are the owner of the SIM card. Most of the time, when you lose your SIM card, you are required to present your passport to receive a duplicate. But in most cases, a copy of the passport will work just fine and hackers can take advantage of it. For instance, your passport could be scanned at a hotel, workplace or hospital, then the scan can be sold on the internet and a hacker can buy it. Once they have a scan of your passport, they print it out and get a hold of your phone number. They call you several times and note information about the phone calls. Next, they visit a cell phone company’s office claiming that they are the owner of the SIM card and it has been damaged or lost. After showing a scan of your passport and answering questions about the last few calls they receive a copy of your SIM card – done, they can now get access to any account that uses SMS authorization.

SIM card hacking software is cheap

You may think that software and equipment that’s needed to hack a SIM card is expensive, but it’s not true – anyone can buy everything needed to hack a SIM card for 30-50 dollars. Surely, a decade or two ago the necessary equipment cost upwards of several thousand dollars, but technology has come a long way since then but most people still believe that their SMS messages are safe. In fact, a hacker can easily buy all that’s needed for a few dollars, then position themselves next to your home or workplace, raise a false cellular station, intercept your SMS messages and restore access to all of your accounts in a matter of minutes.

Talk to an Expert

1. We will review your request within 2 hours and contact you.

2. We will check your company and describe the workflow.

3. We will start cybersecurity check.

    Privacy Policy

    Vitaly is a principal consultant at Hackcontrol as wall as aa business and IT thought leader. He has over 15 years of experience in consulting, account management and is a specialist in cybersecurity.