
New method to safeguard against mobile account takeovers
2024-01-22 10:54

Computer science researchers have developed a new way to identify security weaknesses that leave people vulnerable to account takeover attacks, where an attacker gains unauthorized access to online accounts.

Dr Luca Arnaboldi from Birmingham's School of Computer Science worked with Professor David Aspinall from the University of Edinburgh, Dr Christina Kolb from the University of Twente, and Dr Sasa Radomirovic from the University of Surrey to define a way of cataloging security vulnerabilities and modeling account takeover attacks, by reducing them to their constituent building blocks.

Account access graphs do not model account takeovers, where an attacker disconnects a device, or an app, from the account ecosystem by taking out the SIM card and putting it into a second phone.

The researchers overcame this obstacle by developing a new way to model how account access changes as devices, SIM cards, or apps are disconnected from the account ecosystem.

The published account also details how the researchers tested their approach against claims made in a report by the Wall Street Journal, which speculated that an attack strategy used to access data and bank accounts on an iPhone could be replicated on Android, even though no such attacks were reported.

One of them found that giving his wife access to a shared iCloud account had compromised his security - while his security measures were as secure as they could be, her chain of connections was not secure.


News URL

https://www.helpnetsecurity.com/2024/01/22/safeguard-against-mobile-account-takeovers/