Ongoing Industry-Wide Espionage
Learn more about gray zone behind larger players.
Ongoing Industry-Wide EspionageIn: 2FA, Exploit, Social Engineering
Are you really more secure with multiple layers of security?
You have probably noticed high initiative from industry leaders to double-triple secure your account so you can regain access in case you lose password. That’s perfectly fine. It helps you recover if you lose your credentials, but does it have a downside? Yes it does.
While looking at large enterprises we are using everyday such as Google, Facebook, Twitter, LinkedIN and so on, we give trust to those companies to store and process our sensitive data. However, while all the eyes are pointed to such large enterprises, no-one is even thinking about background players who sell Two-Factor authentication security to big players. Now imagine this.
- Company X is specialized in delivering PIN codes via Phone Calls or SMS.
- That Company X eventually grows enough through mergers and acquisitions so it starts providing services to both Google, Facebook, LinkedIN, Twitter…you name it.
- Every time you decide to reset your password via your phone by SMS or Call, or even login to your ebanking platform, your supplier initiate API call towards company X asking them to send you the code.
- Let’s say person X from the company X intentionally initiate password reset with the target victim.
- Person X intercepts the message and performs Login.
Join the talk
Share your toughts on the subject or whatever you would like to know.