The team at Friend.tech has introduced a robust security measure to safeguard its users from a series of SIM-swap attacks that have plagued the platform recently.
These attacks, which have grown in frequency since September, involve hackers gaining control of users’ phone numbers, bypassing security measures, and gaining unauthorized access to their accounts.
To counteract this growing threat, Friend.tech has implemented a two-factor authentication (2FA) password feature, offering an additional layer of protection for its users.
Friend.tech Bolstering Security with Two-Factor Authentication (2FA) Passwords
You can now add a 2FA password to your https://t.co/YOHabcBL3H account for additional protection if your cell carrier or email service becomes compromised.
Neither the friendtech nor Privy teams can reset these passwords, so please use care when using this feature pic.twitter.com/g0m2E4att2
— friend.tech (@friendtech) October 9, 2023
In response to the security breaches caused by SIM-swap attacks, Friend.tech announced the inclusion of 2FA passwords in a post made on its official social media account on October 9. This new feature empowers users to fortify their Friend.tech accounts with an added layer of security. In the event that a user’s cell carrier or email service is compromised, the 2FA password acts as a crucial shield against unauthorized access.
Furthermore, when users sign in on new devices, they will be prompted to set up a 2FA password, creating an additional barrier against potential security breaches. It’s important to note that neither the Friend.tech nor Privy teams possess the ability to reset these 2FA passwords, placing the responsibility solely in the hands of the users.
Mixed Reactions to the Security Implementation
While some users have welcomed this move as a much-needed enhancement to the platform’s security, others have criticized Friend.tech for not taking action sooner. Notably, 0xCaptainLevi, a prominent platform creator, expressed optimism regarding the new security feature. He emphasized the significance of 2FA in elevating the social media platform’s security and popularity.
Understanding the Exploitative Nature of SIM-Swap Attacks
Blockworks founder Jason Yanowitz has shed light on one method by which SIM-swap attacks are orchestrated, in a separate thread on the topic. These malicious hackers send text messages to users, soliciting permission to change their phone numbers. Users have the option to respond with “YES” to approve the change or “NO” to decline it.
Someone is trying to hack my @friendtech
1) Text sent saying they’re changing my number
2) I respond no
3) They say to confirm no, send the verification code
4) Receive actual verification code from friend tech
5) After no response, they text again saying they’ll auto… pic.twitter.com/j76vI969jP
— Yano 🟪 (@JasonYanowitz) October 8, 2023
If a user declines the request by responding with “NO,” they receive a legitimate verification code from Friend.tech, along with a prompt to send it to the scammer’s number. This manipulative tactic places users in a vulnerable position, potentially resulting in the loss of control over their accounts and digital assets.
Enhancing Security and User Confidence
With the introduction of 2FA password protection, Friend.tech aims to fortify the security of its platform and provide users with greater peace of mind. This new feature ensures that even if cell carriers or email services are compromised, Friend.tech accounts remain secure. It marks a pivotal step towards ensuring that the platform’s users can enjoy a safer and more secure experience in the face of evolving cyber threats.