Tuesday, 7 April 2020

PayPal and Venmo Are Letting SIM Swappers Hijack Accounts


Even after being warned by researchers, some companies still have no safeguards in place to contain the problem.
Some major applications and websites, such as PayPal and Venmo, have a flaw that lets someone easily access a person's data after taking over the victim's phone number.
Earlier this year, researchers at Princeton University found 17 major companies, including Amazon, PayPal, Venmo, Blizzard, Adobe, eBay, Snapchat and Yahoo, that allowed people to reset their passwords using text messages sent to the phone connected to their accounts. This means that if someone takes over a phone number using a simple, common technique such as SIM swapping, they can then use it to get into the victim's accounts on the websites and apps that rely on this mechanism.
"When considering the analogy, I never expected it to be too much, and I didn't expect a problem to occur on these large sites," Kevin Lee, senior researcher, told Motherboard in an interview. A week ago, two months after they first contacted the companies about this problem, the Princeton researchers re-examined whether the companies had solved it. Some, including Adobe, Blizzard, eBay, Microsoft, and Snapchat, have closed the hole.

PayPal and Venmo, since they are applications that allow users to exchange cash and are associated with bank or credit card information, are probably the most prominent examples. This week, Motherboard confirmed that PayPal and Venmo passwords can be reset using a text message.

Venmo is owned by PayPal, and neither company has responded to multiple requests for comment on this story.

There is a security trade-off here, because companies balance security with the need for users to reset their password when they forget it. Giving users a way to recover access to their accounts is, in general, an excellent solution. But the increase in SIM swapping that Motherboard has been reporting on for years has made this sensitive mechanism even more dangerous.
If you do not want to wait for companies to update and improve their policies, there is a simple step you can take today to reduce the risk to your accounts. You can protect yourself against having your number captured by disconnecting your phone number from these accounts and using a VoIP number instead, such as Google Voice, Skype or another service. Google Voice numbers, since they are not tied to a physical SIM card, are much harder to hijack.

-Sumit Tiwari
