Article image
01-25-2024

Mobile phone 'account takeover' scams have become a major concern

Earth.com staff writer

In the dynamic world of digital security, a breakthrough from computer science researchers offers new insights into protecting online accounts from takeover attacks.

As mobile devices evolve into complex ecosystems of software and apps, the risk of such attacks increases, with potentially severe consequences for users.

“The ruse of looking over someone’s shoulder to find out their PIN is well known,” explains Dr. Luca Arnaboldi of the University of Birmingham’s School of Computer Science.

“However, the end game for the attacker is to gain access to the Apps, which store a wealth of personal information and can provide access to accounts such as Amazon, Google, X, Apple Pay, and even bank accounts,” Arnaboldi explains.

Creating a model to prevent takeover attacks

To combat these threats, Dr. Arnaboldi collaborated with Professor David Aspinall from the University of Edinburgh, Dr. Christina Kolb from the University of Twente, and Dr. Sasa Radomirovic from the University of Surrey.

Their objective was to understand and prevent such attacks by adopting the mindset of a hacker, who often combines smaller tactical steps into a complex assault.

Previously, security vulnerabilities were studied using ‘account access graphs’, demonstrating how phones, SIM cards, apps, and security features interconnect.

However, these graphs fell short in modeling account takeovers, where an attacker might, for instance, transfer a SIM card to another device, gaining access to SMS-driven password recovery methods.

Addressing this gap, the researchers developed a new model to understand how account access changes when devices, SIM cards, or Apps are disconnected from the ecosystem.

Their innovative approach utilizes formal logic, a tool used by mathematicians and philosophers, to capture the decision-making process of a hacker with access to a mobile phone and its PIN.

From theory to real-world application

This research offers valuable insights for device manufacturers and app developers to catalog vulnerabilities and comprehend complex hacking strategies.

It also includes an analysis of claims from a Wall Street Journal report about potential attack strategies on iPhones and Android devices.

The research found that Android’s connection to a Google account provides some protection against these attacks and proposed a security enhancement for iPhones.

“The results of our simulations showed the attack strategies used by iPhone hackers to access Apple Pay could not be used to access Android Pay on Android, due to security features on the Google account,” Dr. Arnaboldi said.

“The simulations also suggested a security fix for iPhone — requiring the use of a previous password as well as a pin, a simple choice that most users would welcome.” 

Preventing takeover attacks in the future

Following this, Apple implemented a fix, enhancing protection for iPhone users. Further testing on various devices revealed vulnerabilities specific to manufacturer accounts, despite the safety of Google accounts.

Additionally, personal experiments by the researchers uncovered unexpected security gaps, like compromised security through a shared iCloud account, despite individual robust security measures.

Currently, Dr. Arnaboldi is applying this important research in his academic consultancy, working with major corporations and internet-based companies to fortify their defenses against hacking.

In summary, the pioneering research led by Dr. Luca Arnaboldi and his team marks a significant advancement in cybersecurity, offering a novel approach to understanding and preventing account takeover attacks.

This work exposes the intricate tactics of hackers while underscoring the need for continuous innovation in digital security.

As Dr. Arnaboldi applies these insights in his consultancy, his contributions are shaping a safer digital future, highlighting the critical importance of staying ahead in the ever-evolving battle against cyber threats.

The full study was published in the Proceedings of the 28th European Symposium on Research in Computer Security (ESORICS 23).

—–

Like what you read? Subscribe to our newsletter for engaging articles, exclusive content, and the latest updates.

—–

Check us out on EarthSnap, a free app brought to you by Eric Ralls and Earth.com.

—–

RELATED NEWS
2024/07/mercury-planet_diamond-layer_nine-miles-thick_1m.jpg
07-26-2024
Planet Mercury is covered with a layer of diamonds that is 9 miles thick
2024/07/dark-oxygen_ocean-floor_no-photosynthesis_1m.jpg
07-26-2024
Discovery: "Dark oxygen" is produced on the ocean floor without sunlight
2024/07/grasslands_low-intensity_withstands-climate-change_1m.jpg
07-26-2024
Some grassland ecosystems handle climate change better than others
2024/07/natural-selection_rules-change_zooplankton_Daphnia-pulex_1m.jpg
07-26-2024
Life's rules of natural selection change significantly and very often
2024/07/Perseverance-selfie_Cheyava-Falls_leopard-spots_potential-life_NASA_1.jpg
07-26-2024
NASA: Perseverance rover finds best evidence yet for life on Mars
2024/07/neutron-star-Circinus-X-1_s-shaped-jet_RAS_1m.jpg
07-26-2024
Extraordinary garden-sprinkler-shaped jet found in distant neutron star
2024/07/water_harvested_air_dry-environment-desert_1m.jpg
07-26-2024
New machine harvests water from thin air in dry environments
2024/07/galaxy-cluster-collision_dark-matter_normal-matter_Caltech_1m.jpg
07-26-2024
Dark matter seen separating from normal matter after galaxy cluster collision
2024/07/Southern-ocean-CO2-.jpg
07-26-2024
Southern Ocean absorbs more CO2 than previously thought
2024/07/super-jupiter-discovery_direct-image_Eps-Ind-Ab_Webb_1m.jpg
07-26-2024
Super-Jupiter exoplanet 'Eps Ind Ab' directly imaged by Webb telescope
Woman,And,Ai,Robot,Working,Together,In,The,Office,,Automation
07-26-2024
Humans often misjudge and place too much trust in AI performance
2024/07/managed-climate-retreat_coastal-erosion_sea-level-rise_1m.jpg
07-26-2024
Effective 'managed retreat' strategies for climate-threatened areas
News coming your way
The biggest news about our planet delivered to you each day
Subscribe
logo
About Us
Privacy Policy
Terms of Service
Site Map
Staff
EARTH.COM
News
Videos
Images
Earthpedia
Take action
EARTHPEDIA
Articles
Animals Encyclopedia
Endangered Animals
Plants Encyclopedia
Endangered Plants
EARTH NEWS
Breaking News
Environment
Lifesyle
Voices
Animals
Plants
GET IN TOUCH
facebook icon
instagram icon
twitter icon
pinterest icon
Contact Us
© 2024 Earth.com
All rights reserved