Multi-Factor Authentication, New Attacks on 4G and 5G Mobile Networks

Episode Artwork
0% played 00:00 00:00
Mar 04 2019 14 mins   44
This is your Shared Security Weekly Blaze for March 4th 2019 with your host, Tom Eston. In this week’s episode: Multi-factor authentication to protect your credentials, and new attacks on 4G and 5G mobile networks. Protect your digital privacy with Silent Pocket’s product line of patented Faraday bags, phone cases, and wallets which will make your devices untrackable, unhackable and undetectable. Use discount code “sharedsecurity” to receive 15% off of your order during checkout. Visit today to take advantage of this exclusive offer. Almost every day we hear about a new data breach or leak of personal data. In a lot of these stories, compromised credentials are used in what is known as a ‘credential stuffing’ attack in which stolen credentials, from large databases of past data breaches, are used to gain access to many different types of popular applications and services. Just last week, one of those services was Intuit’s TurboTax application which right now, because of tax season in the US, is extremely popular. Victims of this particular attack had their information like social security numbers, address, date of birth, driver’s license number, previous tax returns and other personal data compromised. That’s enough data for someone’s identity to be stolen! But even if we take the right precautions to use unique and complex passwords, many of us can still fall victim to a phishing or other social engineering attack where we may be convinced to giveaway our user credentials. In fact, in last week’s show I discussed a very realistic Facebook social login phishing campaign which looks so real that even cybersecurity professionals could fall for it. So what can you do to help better protect your user credentials? The answer is multi-factor authentication and you should always enable it if the apps and services you are using support it. Here to discuss what multi-factor authentication is and how it’s different than other forms of authentication is Ian Paterson, CEO of identity assurance company, Plurilock. Ian Paterson: Historically, authentication is based around what you know, which would be something like a password or a PIN number for your debit card; what you have, so that would be something like the debit card itself or maybe an RSA token; and something that you are, and that would be something like your fingerprint for touch ID or maybe your face for using facial recognition. And multi-factor authentication is when you have two or more of those factors. So you’re mixing and matching something that you know, something that you have, and something that you are. Ian Paterson: Traditional authentication is generally something that you know, and that would be passwords. And what the world has learned over the last five to 10 years, is that passwords, something that you know, are really a terrible way of protecting stuff. I would say ironically, but not ironically, I got a note in my inbox earlier this week from Have I Been Pwned, saying, “Congratulations. You have been subject to a data breach.” And the reality is if you’ve been around online for any amount of time, probably you’ve had your credentials breached. And I usually talk about, there’s two people in the world, people who know that they’ve been part of a data breach and people who don’t know. And that’s basically it. So, coming back to your question. So MFA is designed to mitigate some of the problems around traditional authentication, I.e., passwords and we’re starting to see more of… More consumer options, certainly, around being able to use MFA or two factors, so two-factor authentication and multi-factor authentication, we’re starting to see more of those options being available to consumers. Tom Eston: So, what are some of the issues that you’re seeing with the way that companies and applications and everyone is using multi-factor authentication right now? Ian Paterson: I think that there are s [...]