Fingerprint and facial recognition features could help avoid password hacking. Photo / 123RF
Fingerprint scanning and facial recognition are set to solve one of the biggest weaknesses in digital security. By Peter Griffin.
As an online scam, it was as ingenious as it was lucrative.
California man Argishti Khudaverdyan, the owner of a T-Mobile store in Los Angeles, was last month found guilty of fraud and hacking charges after raking in about US$25 million in ill-gotten gains by accessing T-Mobile’s IT systems to unlock customers’ mobile phones.
You see, in the US, if you buy a phone from a carrier such as T-Mobile, Sprint or AT&T, use of the phone is typically “locked” to one network. New Zealand carriers, thankfully, don’t do this. For a fee, Khudaverdyan offered an unlock service via his website, unlocks247.com.
The key to the scam was gaining high-level access to T-Mobile’s user database. To do so, Khudaverdyan conducted email “phishing” attacks aimed at T-Mobile employees, stealing their passwords and login credentials in the process. Between 2014 and 2019, the money rolled in as Khudaverdyan worked within T-Mobile’s systems, unlocking thousands of phones, before his activity was uncovered. He will be sentenced for his crimes in October. But every day, lucrative scams are under way and they all rely on exploiting the biggest weakness in digital security – our flaky use of passwords.
