Site icon Panda Security Mediacenter

your Smartphone is no longer the “smartest” option

android2

Synching your Smartphone and computer might increase your chances of being hacked

A classic piece of advice that helps keep email, social networks and other online services safe is by enabling something called two-step verification. This security mechanism makes it more difficult for a cyber-delinquent to access your account through two-step verification. When a different device from the “usual” one (different computer or Smartphone) tries to access your account, they must enter a code that is sent to the mobile phone associated with the account in order to continue.

If a cyber-criminal is trying to get into your account, who in theory cannot access your smartphone, this two-step process makes it very complicated for him. Or so we thought.  A group of researchers from the Free University of Amsterdam showed us that this type of protection is becoming more and more flawed the better we communicate with each other using our different devices.  This means that the more computers, smartphones or devices that have access to your account and passwords, the higher your chances are of getting an account hijacked by a cyber-criminal.

The two-step verification is one of
the most popular security measures

In other words, because we are able to synchronize applications between two devices, like your computer and Smartphone (and what you do in one can affect the other), the effectiveness of two-step verification decreases.

 

 

Android and iOS, equally vulnerable

The study’s authors have showed us the possibility of installing apps offered through Android onto your Smartphone remotely through the computer (accessing Google Play with the browser) or installing remotely through iTunes.

In both of the above cases, following slightly different strategies, they have managed to intercept the verification code that websites send to your Smartphone through SMS when there is a two-step verification, so it is very possible that a hypothetical cyber-criminal could access your Facebook, Google or Amazon accounts—to cite just a few.

The verification code that websites
send you through SMS can be intercepted

 

Don’t stop doing what you’ve been doing

Just because you have found out about this vulnerability does not mean it is no longer advisable to activate this safety measure in all the services that offer it.  There will always be a few obstacles that you can put between the attackers and your personal information.

Exit mobile version