CertiK says SMS is the 'most basic' form of 2FA in use

Using SMS as a form of two-factor authentication has always been popular among crypto enthusiasts. After all, many users already trade their cryptos or manage social pages on their phones, so why not simply use SMS to verify when accessing sensitive financial content?

Unfortunately, con artists have lately caught on to exploiting the wealth buried beneath this layer of security via SIM-swapping, or the process of rerouting a person's SIM card to a phone in the possession of a hacker. In many countries around the world, telecom employees won't ask for government ID, facial identification, or health insurance numbers to handle a simple request.

Combined with a quick search for publicly available personal information (quite common for Web3 stakeholders) and easy-to-guess recovery questions, impersonators can port an account's SMS 2FA to their own phone and begin using it for nefarious means. Earlier this year, many crypto YouTubers fell victim to a SIM-swap attack in which hackers posted scam videos on their channels with text directing viewers to send money to the hacker's wallet. In June, the Solana nonfungible token (NFT) project Duppies had its Twitter account breached via a SIM-swap, with hackers tweeting links to a fake stealth mint.

With regard to this matter, Cointelegraph spoke with CertiK's security expert Jesse Leclere. Known as a leader in the blockchain security space, CertiK has helped over 3,600 projects secure $360 billion worth of digital assets and detected over 66,000 vulnerabilities since 2018. Here's what Leclere had to say:

"SMS 2FA is better than nothing, but it is the most basic form of 2FA currently in use. Its appeal comes from its ease of use: Most people are either on their phone or have it close at hand when they're logging in to online platforms. But its vulnerability to SIM card swaps cannot be underestimated."

Leclere explained that dedicated authenticator apps, such as Google Authenticator, Authy or Duo, offer nearly all the convenience of SMS 2FA while removing the risk of SIM-swapping. When asked whether virtual cards or eSIMs can hedge away the risk of SIM-swap-related phishing attacks, for Leclere, the answer is no:

"One has to keep in mind that SIM-swap attacks rely on identity fraud and social engineering. If a bad actor can trick an employee at a telecom firm into thinking that they are the legitimate owner of a number attached to a physical SIM, they can do so for an eSIM as well."

Though it is possible to deter such attacks by locking the SIM card to one's phone (telecom companies can still unlock phones), Leclere nevertheless points to the gold standard of using physical security keys. "These keys plug into your computer's USB port, and some are near-field communication (NFC) enabled for easier use with mobile devices," explains Leclere. "An attacker would need to not only know your password but physically take possession of this key in order to get into your account."

Leclere pointed out that after mandating the use of security keys for employees in 2017, Google has experienced zero successful phishing attacks. "However, they're so effective that if you lose the one key that's tied to your account, you most likely won't be able to regain access to it. Keeping multiple keys in safe locations is important," he added.

Finally, Leclere said that in addition to using an authenticator app or a security key, a good password manager makes it easy to create strong passwords without reusing them across multiple sites. "A strong, unique password paired with non-SMS 2FA is the best form of account security," he stated.