April 30, 2013
/PRNewswire/ -- According to research conducted by
, a global provider of mobile security and messaging products, modern technology faces dramatic security concerns in its approaches to two-step verification, especially the phone call-based one. The results point to a serious exploit. "Your calls may be forwarded at any time without your knowledge."
Recent technology developments have merged the legacy SS7 telephone network with the Internet in a bid to cut the expenses incurred by mobile operators. These hybrid products have been adopted industry-wide. However, the lack of access control in the legacy network protocols, which are now exposed to attacks via the Internet, may come at a price.
According to the tests performed, more than 60% of randomly selected mobile operators are prone to unauthorized call forwarding. An attacker can easily get all the information needed, such as a customer's SIM card IMSI, to authorize himself on the network and send a specially crafted packet activating the call forwarding service with a destination number of his choice.
In practice, an attacker who knows the customer's valid phone number can simply click the "Forgot Password" button and wait for the password reset call with the confirmation PIN. - It's simple as that, according to
, Chief Technologies Officer of CS Networks.
In a recent research paper, The Future of Mobile Security, Stefan describes (M)Secure, a next-generation two-step authentication product relying on a patent-pending call forwarding indication technology. "The goal is to prevent bad guys from stealing your sensitive data by disabling a call to an active call forwarding subscriber."
Company executives are inviting all interested service providers to a quick demonstration of the security exploit.