Our mobile phones are an undeniable part of our lives in the 21st century. We use them to contact our nearest and dearest, check the news, access the internet, make online purchases and even log into accounts, ideally via multi-factor authentication (MFA). Using MFA can block up to 99% of automated attacks. Undeniably, MFA is important for safe mobile use; however, have you ever thought about which types of MFA are riskiest and why?
Many individuals as well as companies are using call- and SMS-based MFA. It may seem like a great way to authenticate the user. Everyone has a mobile phone they can use to take a secure phone call or receive an SMS. Well, it may not be as straightforward as it seems at first glance.
There are many reasons why you should consider replacing SMS-based MFA:
- SMS and voice calls are not encrypted. Unfortunately, these are transmitted in cleartext, which makes them more vulnerable to attackers.
- They are vulnerable to phishing attacks via open source and readily available phishing tools, such as Modlishka.
- Employees of phone network companies may fall prey to a SIM-swapping attack. They can be tricked into transferring phone numbers to a threat actor’s SIM, allowing attackers to receive MFA codes instead of the victim.
- Phone service failure. As authentication apps and security keys work offline, SMS needs the phone service to be available. Phone network companies are also exposed to changing regulations, which may also impact the availability of MFA.
- It is likely that SMS and voice calls are not getting more secure any time soon.
It is not a surprise, then, that in 2020 Microsoft advised its users to stop using SMS- and voice call-based MFA and instead use an authentication app or a hardware key. This by no means suggests that you should completely abandon SMS MFA; it is still better than no MFA. Microsoft itself has kept the option for its users to continue to use SMS-based MFA, proving that it is more secure than not using any form of multifactor authentication.
Keeping Your Mobile Device Secure
If you choose to keep your SMS-based MFA, make sure your mobile device is as secure as it can be. A great way to start is with ESET Mobile Security on your Android mobile devices. It is a solution that ensures security against a multitude of mobile threats while securing users’ data.
ESET Mobile Security aims to provide a safe environment by leveraging its Anti-Phishing feature. It also aims to protect and secure your device from criminal activity using manipulation of users, known as social engineering, into gaining access to sensitive data such as bank account credentials, card numbers, PIN numbers, usernames and passwords.
The feature allows the products to scan its malware and phishing database and determine a website’s security—or not—thus making sure you do not fall prey to a phishing attack. The product’s Anti-Phishing feature integrates with the most common web browsers (Chrome and many others) available on Android devices to provide protection to any and all online activities you desire to carry out.
We recommend you keep Anti-Phishing enabled at all times. All malicious websites, listed in the ESET malware and phishing database, will be blocked and a warning notification will be displayed informing you of the attempted attack.
Other features of ESET Mobile Security include:
- Antivirus – protection against malware: intercepts threats and cleans them from your device
- Payment protection – lets you shop and bank safely online
- App lock – requires extra authentication to access sensitive apps; protects content when you’re sharing a device
- Anti-Theft – a powerful feature to help protect your phone and find it if it goes missing
- Network inspector – scans your network and all connected devices to identify security gaps
- Call filter – blocks calls from specified numbers, contacts and unknown numbers
- Adware detector – identifies and removes apps that display ads unexpectedly
- Real-time scanning – scans all files and apps for malware
- Scheduled scans – checks your device every time you charge it, or whenever you want
- Security audit – checks an app’s permissions
- Security report – provides an overview of how secure your device is
- USB on-the-go scanner – checks any connected USB device for threats
- Up to 5 devices – pay once, protect 5 devices associated with the same Google account
ESET Mobile Security makes your Android phones and devices easy to find and harder to steal, and it helps to protect your valuable data. ESET helps protect the Google Play store and is trusted by millions of users like you around the world, and is dedicated to the online safety and education of children and their parents. Click here to find out more.
If you want to protect your phone with ESET Mobile Security, you’re in luck! From April 25 to May 1, the premium version of ESET Mobile Security is 50% off. No need for a promotional code; the discount will automatically be added to your checkout! It couldn’t be easier.
by Alžbeta Kovaľová, ESET