Researcher Finds Way to Steal Money From Instagram, Google, and Microsoft

Belgian security researcher Arne Swinnen found an inventive way to steal money from companies like Facebook (through the Instagram service), Google, and Microsoft, using their 2FA voice-based token distribution systems.

Most companies that deploy 2FA (Two-Factor Authentication) send short codes via SMS to their users. Optionally, if the user chooses to, he can also receive a voice call from the company as well, during which a robot operator speaks the code out loud.

These phone calls are usually placed to the phone number officially tied to those specific accounts.

Attacks could theoretically work against other companies as well

Swinnen discovered in his experiments that he could create Instagram Google and Microsoft Office 365 accounts, which he could then tie to a premium phone number instead of a regular phone number.

When one of these three would call the account’s phone number to communicate the user his access code, the premium SMS number … (read more)
Source link

Remember to like our facebook and our twitter @geekchrome for a chance to win a free android tablet every month!

Quick Links: Best Chrome Games |Top 5 Dress Up Games For Girls On Chrome | Top 5 iTunes Alternatives On Chrome OS | Best Photoshop Alternatives On Chromebook | Download Google Chrome Apps | Free Chrome OS Apps

Juniya

Juniya

A web developer, programmer, ubuntu and chrome os supporter. I also love comic books and I enjoy researching history facts, kind of weird right? My role on Chromegeek.com is to make sure everything works 24/7.