Image: Sean Gallup/Getty Image
Hacking. Disinformation. Surveillance. CYBER is Motherboard's podcast and reporting on the dark underbelly of the internet.
Advertisement
Advertisement
For years, cybersecurity experts have suggested people move away from having only their password as an authentication method. Initially, two-factor or multi-factor authentication used text messages containing a unique code. As Tobac suggested, any method for two-factor is better than none, but it’s become very easy for cybercriminals to exploit two-factor authentication via text messages, either intercepting the texts by abusing flaws in systems that constitute the backbone of telecom networks, tricking telecom providers’ employees into giving up their credentials and then taking advantage of their access to internal tools, or straight up bribing the telecom employees into doing SIM swapping attacks on behalf of the hackers.Do you work at Uber? Do you have more information about this hack? We’d love to hear from you. From a non-work computer or smartphone, you can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, Wickr/Telegram/Wire @lorenzofb, or email lorenzofb@vice.com
Advertisement