It’s been a turbulent few weeks for Bitcoin, full of unfortunate news stories and doom-mongering about the currency’s supposedly inevitable collapse.
The good news for cryptocurrency advocates is that Bitcoin is still performing extremely well in the grand scheme of things, having increased massively in value over the last year.
This week, however, brought more bad news for the crypto world with the discovery of a fatal security risk.
What’s that, you say? A security breach in the famously watertight Bitcoin defences?
That’s right. Cryptocurrency has an (entirely deserved) reputation for being ultra-secure, thanks to its reliance on blockchain technology, which makes it almost impossible to hack.
Blockchain fans, fear not – the technology remains uncompromised. The latest issue is actually a flaw in Bitcoin’s authentication system, which uses text messages to provide users with the details needed to access their wallets, where the currency is stored.
Two-factor authentication, one form of which uses SMS to send login details to users, is often used as a way of ensuring sensitive data is dealt with outside of the internet.
Users generate an authentication code, which is sent to their mobile phone via text message and can then be used to log in to the online service.
The trouble is, all SMS messaging relies on a series of protocols called Signalling System Number 7, or SS7 for the acronym-lovers out there.
This system underpins many elements of telephone communication, and it’s been in operation since the 1970s, so it’s not exactly cutting edge.
On Monday, a cyber security company called Positive Technologies released a video showing how hackers could easily hijack this antiquated system. This would allow them to intercept SMS messages containing the details needed to access various services.
To illustrate their point, they carried out a simulated Bitcoin heist, managing to get their hands on $4000 worth of the stuff. They also exposed vulnerabilities in the Gmail authentication process, so a significant number of email accounts may not be entirely safe either.
Well, it certainly isn’t good news. It’s probably not enough to really damage the cryptocurrency industry, but it should make them think twice about their security methods.
Dmitry Kurbatov, a researcher for Positive Technologies, told Forbes, “This is a vulnerability in mobile networks, which ultimately means it is an issue for everyone, especially services relying on the mobile network to send security codes.”
Using SS7 with two-factor authentication isn’t unique to Gmail and Bitcoin. It’s used across the board, from banking apps to social media password protection processes.
The bad news for users is that there isn’t a whole lot they can do, short of keeping their phone number private. It’s up to companies to make the switch to more reliable authentication methods, such as Google Authenticator.
Until then, vast amounts of highly sensitive data are in a precarious position at the mercy of skilled hackers.