Some mobile phone operators have recently expressed concern about this new form of computer attack that is beginning to develop.
We are talking about "SIM swapping." In France, the major players in mobile telephony have decided to come together to propose a common solution. These include Free, SFR, Bouygues, Telecom and Orange.
This article will also interest you: SIM Swapping, a new form of it security hazard
Online payments services will now be able to detect a change in SIM card and propose automatically terms and conditions very strong authentication.
The voice mobile operators of the French Mobile Multimedia Association (AEMM) have announced that very soon, a solution will be offered, to users of their services, to strengthen the security of their SIM card. The single-use validation code that made the virtual transaction secure will be strengthened, particularly with regard to online payments. Especially when we know that for some time, criticism has increased about this method of authentication and the laxity of operators in the face of the problem it posed. Since it was discovered that SIM card identities could be easily spoofed, the French mobile giants have decided to do everything possible to put an end to them.
Moreover, this pressure must also be extended to e-commerce giants and banking institutions. Because a European directive recommends that everyone adopt new, more secure measures for authentication during transactions. If some of the companies involved have already started to reorganize their authentication method, we will say that we are in the transition phase because it is to be expected 3 years of full effective implementation. The hacking of Twitter boss Jack Dorsey, which is obviously blamed on single authentication, has appealed to many.
Indeed, the hackers managed to convince mobile phone operators to transfer Jack Dorsey's SIM card to another SIM card that they already had control over. As a result, they managed to get this authentication code allowing him to access his site. It just took some easily accessible personal information. And the vulnerability of the mobile operator did the rest.
This technique, called SIM swapping, demonstrates how important it was for mobile operators to review the single-use SMS authentication system. for the time being more details have not yet been given on the solution that will be proposed by the Association of Mobile Service Providers, however, we can remember that it "allows online service providers to know if the SIM card has been changed recently and to better judge the risk that an authentication based on it (…) If the SIM card is considered too recent, another method of authentication may always be offered to the Internet user or mobile user."
However, it will take until 2020 to be able to hope to benefit from such protection. But we are told that the solution is being rolled out.
Now access an unlimited number of passwords: