
Topic: Stealing Bitcoins from online wallets with 2FA - page 3. (Read 1291 times)

full member
Activity: 672
Merit: 127
I see people calling for 2FA as a safety mechanism for their accounts even tho there is a huge vulnerability in the mobile networks known for years now.
2FA just increases the complexity of the attack, it doesn't stop it at all. Here is an article from The Hacker News that came out today about using 2FA on Bitcoin online wallets like Coinbase, although they say that it isn't a vulnerability in Coinbase at all but in the mobile system design flaws instead.

https://thehackernews.com/2017/09/hacking-bitcoin-wallets.html

The conclusion here is that you shouldn't consider a mobile network safe.

I think phishing is the most frequent attack that occurs in the forum. Since links are spread here, many people in the forum, especially newbies, click the links without knowing that the site is a fake that collects data from their logins. That's why hackers can change passwords.
member
Activity: 176
Merit: 10
“Blockchain Just Entered The Real World"
Coins kept on exchanges are always vulnerable. I have heard many times that coins are lost from exchanges even with 2FA security. Always transfer your coins to a hardware wallet if possible, else use a paper wallet. Stay safe rather than pointing out that the possibility of being hacked is very low. The money is yours and so is the decision.
legendary
Activity: 3122
Merit: 1398
When it comes to mobile, nothing is safe. That is why it is always advisable to have a hardware or paper wallet instead of a mobile or desktop wallet, which are connected to the internet. Any app or software can be infected to read data from a user's mobile or desktop, and very easily too. I think people hardly read terms and conditions before downloading and simply grant permissions to apps when asked. All these things make mobile vulnerable.

It's not the mobile's fault then, but the users' own. Before the mobile became infected, the users did some shitty actions.

In the first place, I don't believe in mobile viruses, especially on Android. Desktops are obviously more prone to them. Honestly, in my years of lurking around phone development, especially in the Android zone, I have seen only a few mobile apps created in an attempt to steal info, and as far as my knowledge goes, none of them works. The most common is malware where there will be something like an XXX app on your mobile phone, but that's just it. Above all, the users themselves are responsible for how they improve their security, whatever platforms they are using.
hero member
Activity: 896
Merit: 521
When it comes to mobile, nothing is safe. That is why it is always advisable to have a hardware or paper wallet instead of a mobile or desktop wallet, which are connected to the internet. Any app or software can be infected to read data from a user's mobile or desktop, and very easily too. I think people hardly read terms and conditions before downloading and simply grant permissions to apps when asked. All these things make mobile vulnerable.
full member
Activity: 212
Merit: 100
I am a Professional Graphic Designer
Causes of cybersecurity in the current world are a headache now. Subscriber Identity Module cloning is now a threat to security. It is possible to steal the wallet with the possession of it. If the security aspects improve, it is possible to get rid of the hack.
sr. member
Activity: 501
Merit: 340
Bye Felisha!
The article references a type of man-in-the-middle attack with SMS messages. While harder, it is still possible to have your 2FA device breached with an app such as Authy, as a copy of the data can be stored in your device's cloud backup.

You take steps to protect yourself by using a separate, non-service-connected device to handle 2FA requests. You should also disable backups and use long, complex passwords.
hero member
Activity: 798
Merit: 503
I see people calling for 2FA as a safety mechanism for their accounts even tho there is a huge vulnerability in the mobile networks known for years now.
2FA just increases the complexity of the attack, it doesn't stop it at all. Here is an article from The Hacker News that came out today about using 2FA on Bitcoin online wallets like Coinbase, although they say that it isn't a vulnerability in Coinbase at all but in the mobile system design flaws instead.

https://thehackernews.com/2017/09/hacking-bitcoin-wallets.html

The conclusion here is that you shouldn't consider a mobile network safe.

For every method to keep your wallet safe, there will always be a flaw in the system, but so far 2FA has been one way to guard against that, because for a hacker to get to the point of accessing your 2FA code there must be a serious compromise of the entire account, going beyond emails to include the mobile number, which is mostly attached to 2FA codes. The moment this option is no longer strong enough, I am sure other methods will be provided.
hero member
Activity: 900
Merit: 500
That person must be a genius, because I know 2FA has a good security standard. With the code changing frequently, I think it will be difficult even though many people are trying it out. But this guy made it through 2FA; I think he has his own way of doing it.
sr. member
Activity: 630
Merit: 272
I heard that there is a possibility to circumvent the protection using a mobile phone. It's hard to do because the wallet will not let two users in at the same time. So you need to block the phone owner. It is not difficult, but only in a mechanical way. If you have a large bank account you are always at risk. That's why it's so important to keep your money in different purses and in small amounts.
full member
Activity: 136
Merit: 120
Google Authenticator (or WinAuth on PC) is secure and does not rely on any network exchange.  Coinbase no longer recommends Authy and tells its users to use Google Authenticator.  If you use one of these programs, be sure to record the QR code (or the secret phrase) so you can recover the authenticators if you need to get a new phone.
hero member
Activity: 966
Merit: 500
that possibility is just a threat from them.
very difficult to penetrate 2FA because the code is often changed

I agree with you. With a code that often changes, I think it will still be difficult. And also, to get into the wallet, I think there is a mistake made by the user of the wallet itself, e.g. using a malicious internet connection. A few hours ago I read that about $550K was lost from one wallet, and the cause was malicious Wi-Fi.
hero member
Activity: 1708
Merit: 606
Buy The F*cking Dip
I see people calling for 2FA as a safety mechanism for their accounts even tho there is a huge vulnerability in the mobile networks known for years now.
2FA just increases the complexity of the attack, it doesn't stop it at all. Here is an article from The Hacker News that came out today about using 2FA on Bitcoin online wallets like Coinbase, although they say that it isn't a vulnerability in Coinbase at all but in the mobile system design flaws instead.

https://thehackernews.com/2017/09/hacking-bitcoin-wallets.html

The conclusion here is that you shouldn't consider a mobile network safe.

You should never feel safe with a mobile network or online wallet at all. They both have vulnerabilities that can be exploited by hackers who know the ins and outs of the network system. They can initiate a social engineering attack against the phone company to which an individual's online crypto account is tied. After doing that, they can already access the said crypto account, because the security of phone companies nowadays is very lax and not secure at all. The so-called "2FA" using the SMS services of these phone companies should not be considered in this age (2017), especially if you're going to use it for any crypto-related stuff.
sr. member
Activity: 756
Merit: 251
Well, there's always an exploit that can be used by a hacker to get control of our account, but adding 2FA makes it harder for them to get control. If they have to choose, I'm sure they will prefer the one without 2FA, as it's easier than the effort needed to hack the one using 2FA. I don't consider a mobile network safe, but it's certainly better than nothing.
sr. member
Activity: 476
Merit: 250
Well, for every technology advancement, there has always been an exploitation attack. Many times the attacks occur a lot and get personal, but developers quickly correct the bugs so that it doesn't happen again. This will also be corrected some way, and after that, people will try to find other ways. This happens everywhere, even in real life. For example, when someone robs a store once, he might get caught. The second time he goes there he will have a new strategy to rob it. So this will always happen; it's how fast you solve the issue that matters!
full member
Activity: 182
Merit: 100
They say a thin line separates genius and madness.
Even though it's a possibility, there is a very low chance that someone will try to hack you if they don't even know how much BTC is in your account. They won't spend huge amounts of time and effort just to hack an account that will turn out to have only a small amount in it. They will likely first research whose accounts may have a huge amount of BTC in them and try to hack those. So those of us who don't have huge amounts of BTC are safe from this kind of attack.
full member
Activity: 322
Merit: 100
I observe this situation also with some of our friends. We suspect that 2FA is also not safe for your money and bitcoins; these days hackers are more invincible and so high tech that they can hack everything.
sr. member
Activity: 337
Merit: 250
Of course hackers can hack the mobile network via the SS7 bug, but it is very hard. We don't have the luck to get hacked by these hackers. And if you use the authenticator by Google, you won't need to worry about this anymore.
sr. member
Activity: 420
Merit: 250
In the attack, hackers first went to Gmail, using the Google service to find an email account with only a phone number. Once the email account has been identified, hackers have initiated a password reset process, asking for unique authorization codes to be sent to the victim's phone. By exploiting the weaknesses of SS7, they were able to intercept text messages containing these codes, allowing them to choose a new password and take control of their Gmail account. They could simply go to the Coinbase website and make another password reset using the email they compromised. This type of attack is not just a threat that affects digital coins. This affects anything connected in the Gmail account, not to mention the complete loss of all these emails and the entire Google account.
sr. member
Activity: 490
Merit: 389
Do not trust the government
September 19, 2017, 08:11:57 PM
#5
Hmmmm.... Ya I don't know, they make it sound like it is so easy when it's not. What is this SS7?

There is a Wikipedia article for more information: https://en.wikipedia.org/wiki/Signalling_System_No._7

I still don't think it's easy, and it is meant to be a second defense, not primary. I don't use SMS though, I use the authenticator and I'm sure it's very safe.

It is true that it is usually a second defense, although there are often account recovery options using a mobile phone. I am not sure about the authenticator, but if it works when your phone is not connected to the Internet then it is using SMS and the SMS might not be encrypted.
hero member
Activity: 770
Merit: 500
September 19, 2017, 06:26:50 PM
#4
Hmmmm.... Ya I don't know, they make it sound like it is so easy when it's not. What is this SS7?

I still don't think it's easy, and it is meant to be a second defense, not primary. I don't use SMS though, I use the authenticator and I'm sure it's very safe.