Smartphone users have to be smart about how they use their phones and what they view on them. If you are not, you may end up in a great disaster: everything you have earned can be taken out in a few seconds. That’s one pretty big reason why the Uber security breach is such a big deal.
An 18-year-old hacker has been involved in mass-scale attacks on Uber. After successfully obtaining an employee’s account password, the hacker tricked the employee into approving a push notification for multifactor authentication. The intruder then uncovered administrative credentials that gave access to some of Uber’s crown-jewel network resources. Uber responded by shutting down parts of its internal network while it investigates the extent of the breach.
We put a lot of trust into companies with our data. Some security breaches can ruin lives if the data falls into the wrong hands, and if I had an Uber account that I had used more than once, I’d be worried about what information may now be out there on the internet. There’s no telling what was stolen, as treasure troves of data like that can be sold for a lot of money on the underground market. Even if your smartphone is secure with a password, you’re putting a lot of trust in your phone’s security systems.
Only recently was a vulnerability in the Titan M security chip (found in Google Pixel phones) fixed in an Android security patch update, and it allowed for escalation of privilege with “user interaction not needed for exploitation”. Researchers were then able to extract cryptographic keys that should never leave the device.
Uber's breach taught us to re-evaluate the companies that you trust. The screenshots provided evidence that the individual had access to assets, including Uber’s Amazon Web Services and G Suite accounts and code repositories.
In other words, Uber’s breach should be a call to re-evaluate the companies that you trust, and with what data. While we don’t fully know the scope of that breach just yet, it was only a matter of time before a company had a breach of this potential scale.
While companies are expected to follow best practices in storing user data (including hashing and salting user passwords, credit cards, and more), you’re putting a lot of trust in companies to have followed those best practices. Even if a company claims to have encrypted those passwords, that doesn’t mean you’re safe forever if that data leaks.
Uber had MFA, short for multifactor authentication, in place in the form of an app that prompts the employee to push a button on a smartphone when logging in. To bypass this protection, the hacker repeatedly entered the credentials into the real site. The employee, apparently confused or fatigued, eventually pushed the button. With that the attacker was in.
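The repeated-prompt pattern described above leaves a recognizable trace in authentication logs: a burst of unapproved push prompts for one account, followed by an approval. The following detection is an added example, not code from Uber or any MFA vendor; the event layout, result names, 10-minute window and threshold of 4 are assumptions, and the log events are constructed.

```python
from datetime import datetime, timedelta

# Constructed sample MFA push events: (timestamp, user, result).
# Field layout and result names are assumptions, not a vendor's log schema.
SAMPLE_EVENTS = [
    ("2024-01-01T02:10:00", "bob", "timeout"),
    ("2024-01-01T02:10:40", "bob", "denied"),
    ("2024-01-01T02:11:30", "bob", "timeout"),
    ("2024-01-01T02:12:10", "bob", "timeout"),
    ("2024-01-01T02:13:00", "bob", "denied"),
    ("2024-01-01T02:13:45", "bob", "approved"),    # gives in after the burst
    ("2024-01-01T08:00:00", "carol", "denied"),
    ("2024-01-01T08:30:00", "carol", "denied"),    # outside the window
    ("2024-01-01T09:00:05", "alice", "approved"),  # ordinary single prompt
    ("2024-01-01T11:00:00", "carol", "approved"),
]

UNAPPROVED = {"denied", "timeout"}


def find_push_fatigue(events, window=timedelta(minutes=10), threshold=4):
    """Flag bursts of unapproved pushes, and approvals that follow a burst."""
    pending = {}  # user -> timestamps of recent unapproved pushes
    alerts = []
    for ts_str, user, result in sorted(events):
        ts = datetime.fromisoformat(ts_str)
        # Keep only this user's unapproved pushes still inside the window.
        streak = [t for t in pending.get(user, []) if ts - t <= window]
        if result in UNAPPROVED:
            streak.append(ts)
            if len(streak) == threshold:  # alert once when the burst forms
                alerts.append((user, ts_str, "burst", len(streak)))
        elif result == "approved":
            if len(streak) >= threshold:
                alerts.append((user, ts_str, "approved_after_burst", len(streak)))
            streak = []  # an approval ends the streak
        pending[user] = streak
    return alerts


if __name__ == "__main__":
    for alert in find_push_fatigue(SAMPLE_EVENTS):
        print(alert)
```

A `burst` alert marks prompting still in progress, while `approved_after_burst` marks a session that should be treated as suspect and reviewed.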