Blog
Topic
Tout
AIoT
Products and technologies
Industries
Tout
Education
Logistics
Energy
Sports
Sustainability
Business trends
Cybersecurity
AI
Events
Access control
Trends
LED
Industry News
Company News
Product Announcement
Search blog
Blog
Filter
Cancel
Topic
Tout
AIoT
Products and technologies
Industries
Tout
Education
Logistics
Energy
Sports
Sustainability
Business trends
Cybersecurity
AI
Events
Access control
Trends
LED
Industry News
Company News
Product Announcement
Réinitialiser
Soumettre

Hikvision’s Senior Cybersecurity Director on Trending Security Concerns: Microsoft Discourages Use of SMS and Voice MFA, Plus a New Mobile Smishing Attack 

 

In today’s HikWire blog, Hikvision Senior Director of Cybersecurity Chuck Davis writes about trending security concerns. His focus is on a Microsoft’s recent recommendation that discourages the use of SMS and voice MFA (multi-factor authentication). And, he covers a new mobile smishing attack.

Microsoft Discourages Use of SMS and Voice MFA
MFA, also known as two-factor authentication (2FA), is used to better secure user accounts from password attacks. MFA adds two or more pieces of verifiable evidence or factors to the authentication process to greatly reduce security concerns by lowering the chances of an account being accessed by the wrong person.

This week, Microsoft’s Alex Weinert wrote in his blog, “Today, I want to do what I can to convince you that it’s time to start your move away from the SMS and voice Multi-Factor Authentication (MFA) mechanisms. These mechanisms are based on publicly switched telephone networks (PSTN), and I believe they’re the least secure of the MFA methods available today.”

This is a call for websites and apps to phase out SMS MFA in favor of stronger options such as a smartphone authenticator app. It is also a call for end users to choose stronger methods of MFA when they are available.

The weaknesses of SMS for MFA have been known for a long time. There have been numerous cybersecurity conference talks on the topic and Krebs On Security reported on in the 2016 article, “The Limits of SMS for 2-Factor Authentication.”

While SMS is arguably the weakest form of MFA, it is still better than just using a username and password. Bitdefender wrote, “even vulnerable SMS-based MFA is better than no MFA at all.”

Mobile Payment Smishing Attack
We covered smishing attacks in the HikWire blog earlier this year, which you can find at this link. Smishing (SMS phishing) attacks are on the rise and we are all vulnerable targets.

The term smishing is a portmanteau that combines the term SMS (text messaging) and the word phishing: SMS + phishing = smishing. As you may have guessed, smishing is phishing that uses SMS and similar types of text messaging.

According to Naked Security, one of the latest smishing campaigns has the attackers sending victims an SMS text message, pretending to be from the victim’s mobile provider. The message states, “We haven’t received your recent bill payment, please update your details at [malicious URL] to avoid additional fees.”

If the victim clicks on the link, they are presented with a login screen that attempts to trick the victim into unwittingly providing their login credentials to the attacker.

To learn more about smishing read this Hikvision article.

For more insights into these types of security concerns, check out Hikvision’s full cybersecurity blog catalog.

Cybersecurity

Subscribe to newsletter

Subscribe to our email newsletter to get the latest, trending content from Hikvision

Hikvision.com uses strictly necessary cookies and related technologies to enable the website to function. With your consent, we would also like to use cookies to observe and analyse traffic levels and other metrics / show you targeted advertising / show you advertising on the basis of your location / tailor our website's content. For more information on cookie practices please refer to our cookie policy.

 

Contactez-Nous

Get a better browsing experience

You are using a web browser we don’t support. Please try one of the following options to have a better experience of our web content.