{"id":4920,"date":"2016-08-04T12:51:18","date_gmt":"2016-08-04T04:51:18","guid":{"rendered":"http:\/\/staging.bankvaultonline.com\/?p=4920"},"modified":"2016-08-04T12:51:18","modified_gmt":"2016-08-04T04:51:18","slug":"phone-hacking-sms-security-codes-so-unsafe-they-will-be-banned","status":"publish","type":"post","link":"https:\/\/www.bankvault.com\/phone-hacking-sms-security-codes-so-unsafe-they-will-be-banned\/","title":{"rendered":"Phone Hacking: SMS security codes so unsafe they will be banned"},"content":{"rendered":"<p>Security codes sent by SMS to your mobile phone for logging on to websites such as online banking have proven to be so unsecure that the US National Institute of Standards and Technology (NIST) <a href=\"http:\/\/www.cio.com.au\/article\/604089\/sms-based-two-factor-authentication-may-headed-door\/\">has now moved to ban their use<\/a>.<\/p>\n<p>Two-factor authentication using SMS codes is extremely widespread, and BankVault has long argued two factor solutions <a href=\"https:\/\/www.bankvaultonline.com\/news\/blog\/bankvault-fills-security-gaps-for-secure-logon\/\">are not enough<\/a>.<\/p>\n<p>The glaring security weakness of mobile voice and text messages was magnificently highlighted by <a href=\"http:\/\/www.9jumpin.com.au\/show\/60minutes\/stories\/2015\/august\/phone-hacking\/\">60 Minutes in mid-2015<\/a>, when hackers working from Berlin (with permission) were able to easily access and record the mobile phone conversations and text messages of Australian Senator Nick Xenaphon. The hackers were only provided with the Senator\u2019s mobile number.<\/p>\n<p>Senator Xenaphon said at the time, \u2018<em>This is actually quite shocking because it affects everyone. It means anyone with a mobile phone can be hacked, can be bugged, can be harassed.<\/em>\u2019<\/p>\n<p>The 60 Minutes episode also went on to demonstrate how another approach using a device known as an <a href=\"https:\/\/en.wikipedia.org\/wiki\/IMSI-catcher\">IMSI Catcher<\/a> \u2013 essentially a fake mobile phone tower, can be used to intercept mobile connections to the phone tower, forcing down the connection from 3 or 4G, to the far weaker encryption of 2G which is easily cracked.<\/p>\n<p>The program even shows that suspected IMSI Catchers were actively in operation around Sydney\u2019s eastern suburbs and stock exchange.<\/p>\n<p>In both hacking examples, SMS and voice messaging are completely vulnerable, yet people\u2019s livelihoods, businesses and finances utterly depend on them. An IMSI Catcher can be purchased online from sites such as Alibaba for just AU$1-2000.<\/p>\n<p>The vulnerability of SMS-based authentication <a href=\"http:\/\/www.zdnet.com\/article\/sms-tokens-are-vulnerable-to-interception-experts-warn\/\">isn\u2019t new<\/a>, but the move by NIST raises the stakes dramatically. NIST also recommends the use of alternative solutions, in fact, one of its recommendations specifies the benefits of physical USB devices\u2014just like BankVault Business.<\/p>\n<p>BankVault offers a secure solution for logging on, and much more. Revelations like these highlight how BankVault is leading the world with the safest and most secure approach possible.<\/p>\n<p><em>How safe do you feel with SMS\u00a0security codes to protect your bank accounts?\u00a0Share how you feel about the NIST recommendations on the BankVault Facebook page, and follow us there to keep up with the latest hacking news from around Australia and the world.<\/em><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Security codes sent by SMS to your mobile phone for logging on to websites such as online banking have proven to be so unsecure that the US National Institute of Standards and Technology (NIST) has now moved to ban their use. Two-factor authentication using SMS codes is extremely widespread, and BankVault has long argued two [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":5701,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[37],"tags":[],"class_list":["post-4920","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-security-news"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v24.2 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Phone Hacking: SMS security codes so unsafe they will be banned - BankVault<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.bankvault.com\/phone-hacking-sms-security-codes-so-unsafe-they-will-be-banned\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Phone Hacking: SMS security codes so unsafe they will be banned - BankVault\" \/>\n<meta property=\"og:description\" content=\"Security codes sent by SMS to your mobile phone for logging on to websites such as online banking have proven to be so unsecure that the US National Institute of Standards and Technology (NIST) has now moved to ban their use. Two-factor authentication using SMS codes is extremely widespread, and BankVault has long argued two [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.bankvault.com\/phone-hacking-sms-security-codes-so-unsafe-they-will-be-banned\/\" \/>\n<meta property=\"og:site_name\" content=\"BankVault\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/BankVaultOnline\/\" \/>\n<meta property=\"article:published_time\" content=\"2016-08-04T04:51:18+00:00\" \/>\n<meta name=\"author\" content=\"BankVault\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@bankvaultonline\" \/>\n<meta name=\"twitter:site\" content=\"@bankvaultonline\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"BankVault\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Phone Hacking: SMS security codes so unsafe they will be banned - BankVault","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.bankvault.com\/phone-hacking-sms-security-codes-so-unsafe-they-will-be-banned\/","og_locale":"en_US","og_type":"article","og_title":"Phone Hacking: SMS security codes so unsafe they will be banned - BankVault","og_description":"Security codes sent by SMS to your mobile phone for logging on to websites such as online banking have proven to be so unsecure that the US National Institute of Standards and Technology (NIST) has now moved to ban their use. Two-factor authentication using SMS codes is extremely widespread, and BankVault has long argued two [&hellip;]","og_url":"https:\/\/www.bankvault.com\/phone-hacking-sms-security-codes-so-unsafe-they-will-be-banned\/","og_site_name":"BankVault","article_publisher":"https:\/\/www.facebook.com\/BankVaultOnline\/","article_published_time":"2016-08-04T04:51:18+00:00","author":"BankVault","twitter_card":"summary_large_image","twitter_creator":"@bankvaultonline","twitter_site":"@bankvaultonline","twitter_misc":{"Written by":"BankVault","Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.bankvault.com\/phone-hacking-sms-security-codes-so-unsafe-they-will-be-banned\/#article","isPartOf":{"@id":"https:\/\/www.bankvault.com\/phone-hacking-sms-security-codes-so-unsafe-they-will-be-banned\/"},"author":{"name":"BankVault","@id":"https:\/\/www.bankvault.com\/#\/schema\/person\/76e0aa85d5ac5405b47c0760eb9ab639"},"headline":"Phone Hacking: SMS security codes so unsafe they will be banned","datePublished":"2016-08-04T04:51:18+00:00","dateModified":"2016-08-04T04:51:18+00:00","mainEntityOfPage":{"@id":"https:\/\/www.bankvault.com\/phone-hacking-sms-security-codes-so-unsafe-they-will-be-banned\/"},"wordCount":384,"publisher":{"@id":"https:\/\/www.bankvault.com\/#organization"},"image":{"@id":"https:\/\/www.bankvault.com\/phone-hacking-sms-security-codes-so-unsafe-they-will-be-banned\/#primaryimage"},"thumbnailUrl":"","articleSection":["IT security news"],"inLanguage":"en-AU"},{"@type":"WebPage","@id":"https:\/\/www.bankvault.com\/phone-hacking-sms-security-codes-so-unsafe-they-will-be-banned\/","url":"https:\/\/www.bankvault.com\/phone-hacking-sms-security-codes-so-unsafe-they-will-be-banned\/","name":"Phone Hacking: SMS security codes so unsafe they will be banned - BankVault","isPartOf":{"@id":"https:\/\/www.bankvault.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.bankvault.com\/phone-hacking-sms-security-codes-so-unsafe-they-will-be-banned\/#primaryimage"},"image":{"@id":"https:\/\/www.bankvault.com\/phone-hacking-sms-security-codes-so-unsafe-they-will-be-banned\/#primaryimage"},"thumbnailUrl":"","datePublished":"2016-08-04T04:51:18+00:00","dateModified":"2016-08-04T04:51:18+00:00","breadcrumb":{"@id":"https:\/\/www.bankvault.com\/phone-hacking-sms-security-codes-so-unsafe-they-will-be-banned\/#breadcrumb"},"inLanguage":"en-AU","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.bankvault.com\/phone-hacking-sms-security-codes-so-unsafe-they-will-be-banned\/"]}]},{"@type":"ImageObject","inLanguage":"en-AU","@id":"https:\/\/www.bankvault.com\/phone-hacking-sms-security-codes-so-unsafe-they-will-be-banned\/#primaryimage","url":"","contentUrl":""},{"@type":"BreadcrumbList","@id":"https:\/\/www.bankvault.com\/phone-hacking-sms-security-codes-so-unsafe-they-will-be-banned\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.bankvault.com\/"},{"@type":"ListItem","position":2,"name":"Phone Hacking: SMS security codes so unsafe they will be banned"}]},{"@type":"WebSite","@id":"https:\/\/www.bankvault.com\/#website","url":"https:\/\/www.bankvault.com\/","name":"BankVault","description":"cybersecurity","publisher":{"@id":"https:\/\/www.bankvault.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.bankvault.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-AU"},{"@type":"Organization","@id":"https:\/\/www.bankvault.com\/#organization","name":"BankVault","url":"https:\/\/www.bankvault.com\/","logo":{"@type":"ImageObject","inLanguage":"en-AU","@id":"https:\/\/www.bankvault.com\/#\/schema\/logo\/image\/","url":"https:\/\/www.bankvault.com\/wp-content\/uploads\/2018\/11\/BankVault-Logo-Light.png","contentUrl":"https:\/\/www.bankvault.com\/wp-content\/uploads\/2018\/11\/BankVault-Logo-Light.png","width":1212,"height":275,"caption":"BankVault"},"image":{"@id":"https:\/\/www.bankvault.com\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/BankVaultOnline\/","https:\/\/x.com\/bankvaultonline"]},{"@type":"Person","@id":"https:\/\/www.bankvault.com\/#\/schema\/person\/76e0aa85d5ac5405b47c0760eb9ab639","name":"BankVault","image":{"@type":"ImageObject","inLanguage":"en-AU","@id":"https:\/\/www.bankvault.com\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/?s=96&d=mm&r=g","caption":"BankVault"},"url":"https:\/\/www.bankvault.com\/author\/bankvault\/"}]}},"_links":{"self":[{"href":"https:\/\/www.bankvault.com\/wp-json\/wp\/v2\/posts\/4920","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.bankvault.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.bankvault.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.bankvault.com\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.bankvault.com\/wp-json\/wp\/v2\/comments?post=4920"}],"version-history":[{"count":0,"href":"https:\/\/www.bankvault.com\/wp-json\/wp\/v2\/posts\/4920\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.bankvault.com\/wp-json\/"}],"wp:attachment":[{"href":"https:\/\/www.bankvault.com\/wp-json\/wp\/v2\/media?parent=4920"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.bankvault.com\/wp-json\/wp\/v2\/categories?post=4920"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.bankvault.com\/wp-json\/wp\/v2\/tags?post=4920"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}