On August 30th, the phone of Jack Dorsey, the chief executive officer of Twitter, was hacked.
The hackers posted many tweets on Dorsey’s account, including offensive comments and racial slurs. They even claimed that there were bombs at Twitter’s headquarters! Twitter was able to regain control of Dorsey’s phone thirty minutes after the hack. They also confirmed that there were no bombs at their headquarters.
How did someone get hold of Dorsey's phone? Did they really, or is this a new way of hacking?
Dorsey’s phone was hacked using a method called SIM Swapping. This process allows hackers to switch a phone number to a different SIM card.
SIM cards are especially important as they contain the phone number and enable the owner to make phone calls and send text messages. Hackers can bribe employees of the phone carrier to switch the phone number to a different SIM card in a different device. They can also pretend to be the customer and ask the carrier to move the phone number to another phone.
After obtaining access to the phone number, hackers can claim that they forgot the password to a social media account and request that the company send them a code via text. The hacker receives the text, resets the password, and hijacks the victim's account. SIM Swapping can be used not only to hack social media accounts but also to hijack cryptocurrency accounts and steal money from the victim.
What steps is Twitter taking?
Twitter is working on ways to prevent SIM Swapping incidents from occurring. For instance, the company is exploring alternate methods to replace its two-step authentication process. This process uses two factors to log in to your account: the first factor is the password, and the second factor is a text sent to the customer's phone to confirm their identity.
Although this method is used to prove the identity of the customer, two-step authentication can also backfire. If a code is sent to the phone number of the customer, a hacker can easily access it by SIM Swapping, and the hacker can hijack the customer’s account.
What steps can we take?
Everyone who has personal information on the internet is at risk of being hacked. However, we can take some precautions to minimize the chance of our devices being hacked.
Phone carrier companies have added new features to their program to prevent SIM Swapping. For instance, AT&T now allows customers to have a passcode, which is different from their password. Customers have to use their passcode, instead of their password, to make significant changes to their account.
We can enable these features on our phone plan. We can also protect our online accounts by not associating our phone number with our social media accounts. This will stop hackers from SIM Swapping as they will not be able to gain access to phone numbers easily.
Sources: NYTimes, Guardian, CNET, Digital Trends, Lifewire