
Twitter SMS authentication security won't stop attacks, say experts

John E Dunn | May 31, 2013
Attackers will target handsets

"However, although considered strong, two-factor authentication alone is not really adequate as cybercriminals using financial malware have already found ways to circumvent it using Man-in-the-Browser attacks," he said.

"Trusteer has found that fraudsters bypass SMS-based authentication by taking over victims' mobile SIM cards or installing malware on mobile devices that redirects SMS messages to fraudsters."

Standing back, Twitter's two-factor SMS roll-out could just be the start, a necessary short-term fix to a growing problem in advance of the firm's likely IPO. Other layers might be needed.

"Twitter should also strongly consider enabling options other than SMS and even consider allowing enterprises to enable location and/or IP-based log-in options," suggested Amar Singh, CISO for News International and chair of the ISACA security group.

"These are good baby steps," said Singh.

