Meetup Vulnerabilities: Escalation of Privilege and Redirection of Funds

Rough 2014 Predicted For Two-Step Verification

Two-Step Security is the latest weapon in the battle against cybercrime. More and more major websites are adopting the Double Verification technique to deter hackers from stealing personal data and information. But there is bad news – this method will be rendered ineffective or even useless in 2014.

Social media giants such as Facebook, Twitter and LinkedIn recently jumped on the Two-Step Authentication bandwagon, hoping to provide millions of users some form of privacy. But this welcome security feature will soon prove to be inadequate.

This is bad news for people who use mobile devices for utility, banking and gaming purposes. The Trend Micro 2014 Security Report paints a very grim picture regarding this feature’s future. Security experts have their work cut out in 2014. Let’s see why.

What exactly is Two-Step Security?

It has many names – Double Verification, Double Login and Two-Step Verification. Arguably the most talked-about feature of 2013, tens of leading websites bolstered their security profile with the dual-login procedure. This basically means the user has to provide more than just a username and password to gain access to his account.

For example, Google sends the user’s phone a unique code that has to be entered after the initial login. This additional layer of security is a bit cumbersome to setup initially, but it provides the user with a true sense of security. Unfortunately, hackers are always looking for ways to bypass security walls. They seem to have found the solution.

How will Two-Step Security lose its effectiveness in 2014?

This security procedure is great in theory and quite effective on computers, but the use of mobile devices complicates the situation. Many mobile platforms, including iOS, are still not fully compatible with the Two-Step Security feature. But the biggest problem in mobile computing comes in the form of Man in the Middle (MitM) attacks.

MitM attacks are as simple as they sound. The hacker just becomes the middle-man, intercepting all communication between two parties. The intrusions and information harvesting is done with the help of sophisticated mobile malware such as PERKEL and ZITMO. Users of unknown public WiFi hotspots are extremely vulnerable to MitM attacks.

Smartphones are becoming competent computer-replacements, but mobile security still has a long way to go before secure usage is possible. Nearly one of five US smartphone users banked via mobile devices in 2013. These numbers will continue to rise in 2014, but the lack of a comprehensive mobile security solution is going to cause many problems.

The bottom line is that Two-Step Verification is still a welcome and useful security feature. But users have to understand that there is no such thing as a secure application. Changing passwords, avoiding unknown public hotspots and using only official software are always recommended. Security is a full-time task and the battle won’t be won in one day.

Source – Trend Micro 2014 Security Report

Jump to Category