Skip to content

An adversary may utilize a sim swapping attack for defeating 2fa authentication

License

Notifications You must be signed in to change notification settings

qeeqbox/two-factor-authentication-sim-swapping

Repository files navigation

An adversary may utilize a sim swapping attack for defeating 2fa authentication.

Example #1

  1. Adversary steals the username and password pair for website
  2. Adversary compromises the victim's phone (convinces cell phone provider to swap victim's phone number with a different sim they own)
  3. Adversary logs in with the stolen username and password
  4. Adversary receives a pin code on the compromised phone and uses it for verification.

Impact

High

Risk

  • gain unauthorized access

Redemption

  • use more factors

ID

58a84977-90e1-4156-a555-8568e83115d0

References

  • howtogeek