Vulnerabilities in SMS authentication are putting customers at risk, but customer experience should not be side lined when network solutions are so available
Vulnerabilities in mobile networks that allow hackers to hijack phone numbers and trick users’ into giving up their personal information such as banking details have recently been highlighted by a new report by experts. Hackers can remotely dial into a network that most smartphones rely on and pose as familiar organisations such as energy suppliers and high street banks.
Keiron Dalton, a digital identity expert from Aspect Software, commented on the news: “Operators have been aware of these issues for some time and are moving fast to strengthen their networks from a technology standpoint. But the main challenge is that an operator is only as strong as their competitors, and vulnerabilities in networks can therefore be easily created and left unaddressed. Mobile stakeholders such as the GSMA are well aware of this and there is a strengthening argument that global regulatory standards must be looked at.
“The use of SMS for one-time password authentication is likely to receive part of the blame for this, but these issues predominately stem from a lack of global collaboration between operators and weak networks. All channels of authentication have vulnerabilities and there are technologies that can be easily adopted to better protect the use of SMS. The key thing to understand is that SMS is a perfectly effective method of authentication, but only in conjunction with others as part of a multi-factor approach,” he said.
Keiron added: “The good thing is that this is a high priority for operators and collaboration is taking place to strengthen the mobile eco system in numerous forms. A good example of this is the Insight Sharing Group, which Aspect is a part of, consisting of leading operator groups and the GSMA to share understanding of risks and stimulate discussion around solutions.”
“This is the type of proactive behaviour that is needed to solve these issues so that people can continue using the channels that are most convenient to them. Customer experience should not be dampened when practical solutions are so accessible,” Keiron concluded.