Mind your SMSes: Mitigating social engineering in second factor authentication. Issue 65 (March 2017)
- Record Type:
- Journal Article
- Title:
- Mind your SMSes: Mitigating social engineering in second factor authentication. Issue 65 (March 2017)
- Main Title:
- Mind your SMSes: Mitigating social engineering in second factor authentication
- Authors:
- Siadati, Hossein
Nguyen, Toan
Gupta, Payas
Jakobsson, Markus
Memon, Nasir
- Abstract:
- SMS-based second factor authentication is a cornerstone for many service providers, ranging from email service providers and social networks to financial institutions and online marketplaces. Attackers have not been slow to capitalize on the vulnerabilities of this mechanism by using social engineering techniques to coerce users to forward authentication codes. We demonstrate one social engineering attack for which we experimentally obtained a 50% success rate against Google's SMS-based authentication. At the heart of the problem is the messaging associated with the authentication code, and how this must not have been developed with security against social engineering in mind. Pursuing a top-down methodology, we generate alternative messages and experimentally test these against an array of social engineering attempts. Our most robust messaging approach reduces the success of the most effective social engineering attack to 8%, or a sixth of its success against Google's standard second factor verification code messages.
- Is Part Of:
- Computers & security. Issue 65(2017)
- Journal:
- Computers & security
- Issue:
- Issue 65(2017)
- Issue Display:
- Volume 65, Issue 65 (2017)
- Year:
- 2017
- Volume:
- 65
- Issue:
- 65
- Issue Sort Value:
- 2017-0065-0065-0000
- Page Start:
- 14
- Page End:
- 28
- Publication Date:
- 2017-03
- Subjects:
- Phishing -- 2-factor authentication -- 2-step verification -- SMS -- Verification code forwarding attack -- Human factors -- Warning
Computer security -- Periodicals
Electronic data processing departments -- Security measures -- Periodicals
005.805
- Journal URLs:
- http://www.sciencedirect.com/science/journal/01674048
http://www.elsevier.com/journals
- DOI:
- 10.1016/j.cose.2016.09.009
- Languages:
- English
- ISSNs:
- 0167-4048
- Deposit Type:
- Legaldeposit
- View Content:
- Available online (eLD content is only available in our Reading Rooms)
- Physical Locations:
- British Library DSC - 3394.781000
British Library DSC - BLDSS-3PM
British Library HMNTS - ELD Digital store
- Ingest File:
- 2408.xml