How (M)Secure Are You? Phone call-based authentication is vulnerable to call forwarding exploit
LONDON, April 30, 2013 /PRNewswire/ -- According to a research conducted by CS Networks, a global provider of mobile security and messaging products, modern technology is facing dramatic security concerns in the approaches of two-step verification, especially the phone call-based one. Results are pointing to a serious exploit. "Your calls may be forwarded at any time without your knowledge."
Recent technology developments have resulted in the merging of legacy SS7 telephone network and Internet in a bid to cut down the expenses incurred by mobile operators. There is an industry-wide adoption of those hybrid products. However, a lack of access control in the legacy network protocols that are now exposed to attacks via internet may come with a price.
According to the tests performed, more than 60% of randomly selected mobile operators are prone to unauthorized call forwarding. An attacker can easily get all the information needed, such as a customer's SIM Card IMSI, to authorize himself on the network and send a specially crafted packet activating the card forwarding service with a destination number of his choice.
In practice, an attacker with the knowledge of the customer's valid phone number can easily click on "Forgot Password" button and wait for the password reset call confirmation PIN. - It's simple as that, according to Stefan Certic, Chief Technologies Officer of CS Networks.
In a recent research paper - The Future of Mobile Security, Stefan is describing (M)Secure, a next-generation two-step authentication product relying on a patent pending call forwarding indication technology. "The goal is to prevent bad guys from stealing your sensitive data by disabling a call to an active call forwarding subscriber."
Company executives are inviting all interested service providers to a quick demonstration of the security exploit.
"All interested companies are more then welcome to apply for live demonstration of the forwarding exploit. The (M)Secure technology has already found its way to a large number of banking and financial institutions after a successful presentation at the Mobile World Congress as recent hacks of major industry players have shown that traditional authentication methods are no longer enough".
For further information, please visit the website: http://www.cs-networks.net
This press release was issued through 24-7PressRelease.com. For further information, visit http://www.24-7pressrelease.com.
SOURCE CS Network Solutions Limited