Ongoing Industry-Wide Espionage

Learn more about gray zone behind larger players.

Ongoing Industry-Wide Espionage

In: 2FA, Exploit, Social Engineering

Are you really more secure with multiple layers of security?

You have probably noticed high initiative from industry leaders to double-triple secure your account so you can regain access in case you lose password. That’s perfectly fine. It helps you recover if you lose your credentials, but does it have a downside?
Yes it does.

While looking at large enterprises we are using everyday such as Google, Facebook, Twitter, LinkedIN and so on, we give trust to those companies to store and process our sensitive data.

However, while all the eyes are pointed to such large enterprises, no-one is even thinking about background players who sell Two-Factor authentication security to big players.

Now imagine this.

  • Company X is specialized in delivering PIN codes via Phone Calls or SMS.
  • That Company X eventually grows enough through mergers and acquisitions so it starts providing services to both Google, Facebook, LinkedIN, Twitter…you name it.
  • Every time you decide to reset your password via your phone by SMS or Call, or even login to your ebanking platform, your supplier initiate API call towards company X asking them to send you the code.


Now What?

Well, a person in company X can virtually get access to any part of your digital life, including social profiles, chat’s, contacts, messages, places you visit, as well as your bank account.

How?

  • Let’s say person X from the company X intentionally initiate password reset with the target victim.
  • Person X intercepts the message and performs Login.


This opens a whole new chapter in Internet security as IT is getting more and more centralized. You are not getting safety, but getting open and venerable as never before. Imagine a black market of industrial espionage utilizing these techniques?

The first scenario shows how it should be.



But the second one, show's how it is when someone needs your data.





Stefan Ćertić
Share the Fun!

Sharing is caring, and sharing is easy! made it easy!

Join the talk

Share your toughts on the subject or whatever you would like to know.

Recent Posts

Stay up to date with latest toughts on Technology!

Industry Espionage - Get any Account Jul 15th 2016 Android IMAP disclosure? Jul 15th 2015
Categories

Browse blog post by popular tags.

Share Page

Back to Top