Transaction authentication number: Difference between revisions

Monkbot (talk | contribs)
m Task 18 (cosmetic): eval 7 templates: hyphenate params (3×); cvt lang vals (3×);
Yobot (talk | contribs)
m References after punctuation per WP:REFPUNCT, WP:CITEFOOT, WP:PAIC + other fixes
Line 1:
{{merge to|One-time password|date=December 2020}}
 
A '''transaction authentication number''' ('''TAN''') is used by some [[online banking]] services as a form of ''single use'' [[one-time password]]s (OTPs) to authorize [[financial transaction]]s. TANs are a second layer of security above and beyond the traditional single-password [[Authentication protocol|authentication]].
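The following is an added illustration, not text or code from the Wikipedia article: a hypothetical bank-side issuer and verifier that enforces the properties described above for a TAN, namely that it is single use, that it expires, and that it is tied to the one transaction it was issued for (the amount and recipient). All names (`TanAuthority`, `TanRecord`, the 300-second lifetime and six-digit format) are assumptions made for the example; the transaction values in the usage section are constructed.

```python
import hmac
import secrets
import time
from dataclasses import dataclass


@dataclass
class TanRecord:
    """One issued TAN and the transaction it authorizes (hypothetical record)."""
    tan: str
    tx_id: str
    amount: str
    recipient: str
    issued_at: float
    used: bool = False


class TanAuthority:
    """Hypothetical server-side TAN issuer/verifier (constructed for this example).

    The TAN itself would be delivered to the customer out of band, for instance
    by SMS in the mTAN variant; this class only models the bank-side bookkeeping.
    """

    def __init__(self, ttl_seconds=300, now=time.time):
        self.ttl = ttl_seconds
        self.now = now            # injectable clock so expiry can be tested
        self._records = {}        # tx_id -> TanRecord

    def issue(self, tx_id, amount, recipient):
        # Six decimal digits from the OS CSPRNG; zero-padded so the length is fixed.
        tan = f"{secrets.randbelow(10**6):06d}"
        self._records[tx_id] = TanRecord(tan, tx_id, amount, recipient, self.now())
        return tan

    def verify(self, tx_id, amount, recipient, candidate):
        """Return (accepted, reason). A TAN is accepted at most once."""
        rec = self._records.get(tx_id)
        if rec is None:
            return False, "unknown transaction"
        if rec.used:
            return False, "tan already used"
        if self.now() - rec.issued_at > self.ttl:
            return False, "tan expired"
        # Binding check: the TAN only authorizes the exact transaction it was issued for.
        if rec.amount != amount or rec.recipient != recipient:
            return False, "transaction details changed"
        # Constant-time comparison so timing does not leak how many digits matched.
        if not hmac.compare_digest(rec.tan, candidate):
            return False, "wrong tan"
        rec.used = True
        return True, "ok"


if __name__ == "__main__":
    clock = [1000.0]
    authority = TanAuthority(ttl_seconds=300, now=lambda: clock[0])
    tan = authority.issue("tx-1", "100.00", "DE00 0000 0000 0000 0000 00")  # constructed values
    print(authority.verify("tx-1", "100.00", "DE00 0000 0000 0000 0000 00", tan))   # (True, 'ok')
    print(authority.verify("tx-1", "100.00", "DE00 0000 0000 0000 0000 00", tan))   # replay rejected
```

Because the record stores the amount and recipient at issue time, a TAN obtained for one transfer cannot be spent on a different one, and because `used` is set on the first acceptance, a captured TAN cannot be replayed.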
Line 37:
However, the security of this scheme depends on the security of the mobile phone system. In South Africa, where SMS-delivered TAN codes are common, a new attack has appeared: SIM swap fraud. A common attack vector is for the attacker to [[Identity theft|impersonate]] the victim and obtain a replacement [[SIM card]] for the victim's phone from the [[mobile network operator]]. The victim's user name and password are obtained by other means (such as [[keylogging]] or [[phishing]]). Between obtaining the cloned or replacement SIM and the victim noticing that their phone no longer works, the attacker can transfer funds out of the victim's accounts.<ref>[http://www.iol.co.za/news/south-africa/victim-s-sim-swop-fraud-nightmare-1.385531 ''Victim's SIM swop fraud nightmare''] iol.co.za, Independent Online, January 12, 2008</ref> In 2016 a [https://theantisocialengineer.com/sim-swap-fraud-porting-your-digital-life-in-minutes/ study was conducted on SIM swap fraud] by a [[Social engineering (security)|social engineer]], revealing weaknesses in the issuing of porting numbers.
 
In 2014, a weakness in the [[Signalling System No. 7]] used for SMS transmission was published, which allows interception of messages. It was demonstrated by Tobias Engel during the 31st [[Chaos Communication Congress]].<ref>{{cite web|title=31C3: Mobilfunk-Protokoll SS7 offen wie ein Scheunentor|url=https://www.heise.de/newsticker/meldung/31C3-Mobilfunk-Protokoll-SS7-offen-wie-ein-Scheunentor-2506892.html|date=2014-12-28|language=de}}</ref> At the beginning of 2017, this weakness was used successfully in Germany to intercept SMS and fraudulently redirect fund transfers.<ref>{{cite web|url=https://www.heise.de/newsticker/meldung/Deutsche-Bankkonten-ueber-UMTS-Sicherheitsluecken-ausgeraeumt-3702194.html|title=Deutsche Bankkonten über UMTS-Sicherheitslücken ausgeräumt|author=Fabian A. Scherschel|date=2017-05-03|language=de}}</ref>
 
The rise of [[smartphone]]s also led to malware attacks that try to infect both the PC and the mobile phone in order to break the mTAN scheme.<ref>[http://news.techworld.com/security/3415014/eurograbber-sms-trojan-steals-36-million-from-online-banks/ ''Eurograbber SMS Trojan steals €36 million from online banks''] techworld.com, December 5, 2012</ref>