Exclusive Content:

Salesforce introduces LLM benchmark for CRM

With its first LLM benchmark, Salesforce wants to support...

Convert PDF to Word: Step by step easily, quickly and without programs

Developed by Adobe in the early 90s. The PDF...

Signal and Twilio: How to avoid getting hacked with two-step SMS verification

SMS hacking.  (Photo: Masterhacks Blog)
SMS hacking. (Photo: Masterhacks Blog)

signalThe popular encrypted messaging app reports that L1,900 users’ phone numbers and text verification codes could be in the hands of hackers then twilioThe company, which provides verification verification services on the said platform, was the target of a security breach in early August.

While Signal confirms that message history, profile information, and contact information are protected, Hacking is another example of why SMS verification is not a good idea.

Context of the Twilio and Signal hack

A security breach at Twilio occurred on August 4 when Some of the company’s employees became victims of the attack Phishing And, fraudulently, they provided the attackers with their data and access codes.

The company’s statement explained that Hackers They used employee accounts to access various internal systems and steal data from some of their users. Among them is a signal, For those who provide SMS verification services.

hacker.  (Photo: REUTERS/Dado Ruvic)
hacker. (Photo: REUTERS/Dado Ruvic)

The attackers, verified by the messaging platform itself, allegedly obtained phone numbers and codes associated with them, Of its nearly 2,000 users. Signal says “a very small percentage”, but this has a very significant drawback, as it allows access to other users’ accounts.

“For approximately 1,900 customers, an attacker could have attempted to re-register their number on another device or learned that their number had been registered with Signal,” Signal said in a statement.

Account can be accessed Allow hackers to send and receive messages. They don’t have access, yes, to previous chats. No profile information or contact addresses. All of this is protected by a PIN that must be manually entered by the account holder and is not owned by Twilio.

SMS on Android.  (Photo: Spanish)
SMS on Android. (Photo: Spanish)

Signal attack proves that SMS verification is dangerous

SMS verification is a simple method to verify a user who does not need to remember a password to access their account. Platforms like Lime, Signal or WhatsApp They use it.

It is also used as an additional protection on platforms that support two-step verification. In this case, the user, in addition to defining a username and password, must enter a unique PIN code sent by SMS, which also expires after use.

However, sending these codes via SMS This is not the most ideal way, since it is relatively easy to access. Especially if it is the primary verification method (ie not used as a secondary method in a two-step verification system).

In the case of Signal, attackers were able to steal phone numbers and associated codes through a phishing attack against the company, which provides a code delivery service for the messaging platform.

But access to internal platforms by stealing employee credentials This is not the only way to steal verification codes.

Two-step verification via SMS.  (Photo: Gramanet)
Two-step verification via SMS. (Photo: Gramanet)

How to recognize these SMS scammers and what to do

Some hackers convince the victim unwittingly Sending calls to another phone number (from attackers) so that they can access your WhatsApp account, Telegram or signal.

They will then register an account on the new device. After sending the verification code via SMS, Request this key by calling.

Google Authenticator for iOS.  (Photo: Google)
Google Authenticator for iOS. (Photo: Google)

A similar thing happens with two-factor authentication (2FA). Some of them are also sent by SMS and can appear similarly. therefore It is best to use platforms that generate these random keys, such as Authy, iCloud or Google Authenticator.

However, recently WhatsApp and Signal, as well as many other platforms that continue to send codes via SMS, also provide additional access measures.

Between them, Personal code. So, in addition to entering the code received via SMS, they must also enter the access code to complete registration and use the app.

Continue reading



Source: Info Bae

Latest

Newsletter

Don't miss

Salesforce introduces LLM benchmark for CRM

With its first LLM benchmark, Salesforce wants to support companies in their search for the right LLM for their CRM systems. Salesforce launches the world's...

Convert PDF to Word: Step by step easily, quickly and without programs

Developed by Adobe in the early 90s. The PDF format was an instant success, because it came at a time when both document digitization...

LEAVE A REPLY

Please enter your comment!
Please enter your name here

pron india eroteenies.info sex mumbai video lupusregina beta hentai hentaifile.com cumflation hentai kolkata local sexy video brostube.info desipapacom rostom padilla teleseryeepisodes.com jared bahay isai mini.com dunato.mobi tamil sex lady hentai isekai hentaiup.net hentai massive tits سكس موظف forzaarab.com افلام سكس نيك في الطيز owl hentai hentaihq.org henita manga marvadi sexi hairyporntrends.com malayalam hidden cam sex pron indian cowporn.info xvedios indian favorite seneka sex photos tubeshere.info odia six vido سكس ياباني محارم pornolodim.net نيك زوجة مصرية www xxxindin verpornos.org xxxxnxx india wap sextoyporntrends.com school fucking videos 3x blue film hindi xxxvideohd.net sex mms vedio