Be cautious in your actions
Would you agree, if a bank assures cent percent safety to your savings in their highly secured vault? Yes, can agree, if you are living in 70's or 80's of India. Now in the modern era, it is rare to assure hundred per cent security to the savings. As the era changes, people tend to shift their choice from P-P transaction to online transactions. The change has made the economic and IT industry to boom to better extent, but the method used by the banks and online vendors to allow transactions worries, consumers for ongoing cyber threats.
A few weeks ago, an unknown hacker or hackers had stolen Rs. 1.3 lakh from a youngster's bank account. The victim, Shashwat Gupta, who works in a private firm at Kerala has raised a complaint on his Facebook page about the money, which he has lost through a scammer's trick and also the flaws in the bank. As per the reports, an unnamed hacker or a group of hackers cloned the sim card of Gupta, which is linked to his bank account. After cloning the card, the crook contacted the victim as a telecom professional and urged him to text his Aadhaar number to customer care to avoid further disconnection. Unknowing it as a trap, Gupta reacted the act and texted his Aadhaar number. Using an SMS bouncing trick, the crook could have looted the Aadhaar number and later used it for the Tele-verification process to activate the cloned sim-card.
Cloning sim card is a decade old trick, used by investigating professionals to eavesdrop criminals calls and chats. Now, the crook used this trick and looted the wallet. Just with a blank programmable SIM card, SIM Firmware reader/writer, MagicSIM program and USB SIM card reader, which are available in major shopping carts, one can easily clone the sim card in less than an hour- as per a researcher at Hackagon.com. According to the post, this trick could allow anyone to duplicate sim cards manufactured on the COMP128v1 algorithm using the above-mentioned props.
As per the online data, sim cards manufactured globally are designed based on COMP128- algorithm. In that, sim cards manufactured with COMP128v1 are most vulnerable to sim cloning as such due to the weak algorithm. And the upgradation of algorithms in v2,v3 and v4 devised by reverse engineering found to be less vulnerable than the original version.
Do a sim card with 10 digit unique number is suitable for encrypting your wallet? Honesty yes, if they are manufactured based on newly developed algorithms of latest versions. To avoid such crimes in future, banks should add some extra authentication systems, rather than OTP. And it is not quite difficult for an hacker to steal OTP by overlaying the user's smart phone, either through vulnerable malware or app.
What about biometric security system's? Are they safe?
Honestly not. similar to OTP system, there are flaws in biometrics too. Biometrics including Fingerprint, iris and as well as facial authentication system hacker can manipulate the registry with the developed images of victim- as confirmed by Chaos Computer Club, an hackers forum.
A year ago, master cards tried to built Fingerprint authentication pads in ATM cards for authenticating transactions in South Africa. Though it has floored with several criticisms on security, bank officials strongly believe in Fingerprints than pins- says reports.
What could be the better authentication?
It's quite terrible to answer about the better authentication. But an assistant professor named Wenyao Xu of University of Buffalo, The State University, NewYork told me once that the future security depends on heart's shape and motion.Speaking to the Tuner,he said 'Each person has a unique heart. If we can get the 3D shape and motion patterns of a person's heart, it is possible to discover new biometrics. OTP and other biometrics are not as secure as heart biometric. Our invention is not visible to the naked eye and it cannot be stolen.'
Do the banks have to rely on individuals heart for future security? However, it's possible, but quite expensive and works rare in India. To ensure better security, apart from banks, every individual should take responsibility in protecting the savings by safeguarding the data including Aadhaar details, personal information. Before sending your data to someone, look on to the reason for sharing the data and credibility of the person on other end .
