C-Suite On Deck
Keep me plugged in with the best
Join thousands of your peers and receive our weekly newsletter with the latest news, industry events, customer insights, and market intelligence.
I agree to the
terms of service
PLEASE CORRECT THE FOLLOWING:
Please Enter Some Keywords
Lax Telco Security Allows Mobile Phone Hijacking and Redirects
A Q&A with Kaspersky Lab researcher David Jacoby examines a gaping hole in the telco customer-service process that allows adversaries to commandeer phone calls. As anyone who has called into a bank or utility provider lately knows, security for customer service routines – the prescribed ways in which support reps verify the identity of customers that call in – are being continually upgraded. Two-factor authentication, voice passwords, various security questions (“what was the name of your first pet,” for instance) and even verifying that a person is at the account address by calling a landline are all well-known features of the authentication process when making account changes. At the Security Analyst Summit 2019 in Singapore last month, David Jacoby, a Swedish member of Kaspersky Lab’s global research and analysis team (GReAT), presented a short, five-minute presentation called “Exploiting Telco Support Teams for Fun and Profit.” He explained how Swedish telcos ask only for a bare minimum of information from callers – and publicly available information at that – before agreeing to make account changes to specific numbers. This has led to real-world attacks where victims have found their mobile phone calls hijacked and redirected to a rogue number.
I'm for real
Enter your email once to access all our information and resources.
(Your email address is required so we know you're a real person)
By downloading this content, you give permission for your contact information to be shared with the content provider who may contact you in regards to the content.