The way we as a society use mobile phones has changed immensely in my lifetime. They have gone from an expensive and bulky addition to a car to a small, sleek device that has become almost a necessity for operating in the modern world.
They assist us in everything from remembering passwords and maintaining relationships to adding extra levels of security and making all of our data easier to access. All of this data is now at serious risk, which presents a special problem for those among us who use our phones to trade or store digital currencies.
“In the past month, there’ve been at least 10 cases of people publicly involved in the cryptocurrency scene being victimized by mobile phone hijacking. The consequences have been expensive, embarrassing, enduring, and, in at least one case, life-threatening.” (link)
The serious risk comes from a not-so-new attack that has recently become highly effective: hijacking a mobile phone account. It starts with a potential hacker determining your phone number and service provider. Armed with this information, the hacker calls your phone company claiming, for example, to be an employee of that company who is with you in the store.
The cover story can be that you are making a change to your plan, purchasing a different phone, or even adding additional security measures. On that pretext, the potential hacker can ask for your SIM card information.
If the phone company worker asks for more detailed information to prove it's actually you, the hacker can simply hang up and keep calling until they reach an employee who doesn't require detailed information and simply hands over the SIM card data. With this data the hacker can then transfer the number away from the phone company and potentially take over all of the accounts associated with the phone.
If two-factor authentication or password reset is available for any of the accounts stored on the phone, the hacker can easily take control of those accounts away from the victim of the hack. Even if those security measures aren't present, the hacker can impersonate the victim and ask the contacts in the phone for additional information.
- Try to keep your personal information such as phone number and address private.
- Make sure your phone company sets up a PIN to access your account.
- Try to have additional security questions added to your account.
- Use Google Authenticator instead of SMS for 2FA.
Here are some additional ways to keep your bitcoin secure.
Latest posts by Richard Schultz
- Smartphone Security Attack Risk for Crypto Users - February 6, 2017