29/01/2024

Tradelink CTO interviewed by TVB news programme 'A Closer Look' to shed light on risks of using 2FA via mobile phones

As a leading solution provider in the identity management space in Hong Kong, Tradelink's Executive Director and Chief Technology Officer, Andrew Cheng, was invited to share his insights on the potential risks of using two factor authentication (2FA) via mobile phones in an interview with TVB news programme 'A closer look' broadcasted on 22 Jan 2024.

In the interview, Andrew pointed out that cybercriminals have become increasingly adept at exploiting weaknesses in the mobile ecosystem. While SMS one-time password (OTP) has taken over hard token as a more commonly used 2FA method, it actually is more vulnerable to cyberattacks, "we saw more and more customers from the banking and financial services sector opt for SMS OTP in conducting 2FA, due to its convenience and lower cost compared to hard tokens. However, the fact that OTP operates via cellular network makes it more exposed to cyber threats."

To give an example of how hackers target SMS OTP, Andrew demonstrated how an OTP sent to a mobile phone infected with malware can be easily intercepted and stolen in just 5 seconds. The news programme also invited other cybersecurity experts to demonstrate some other latest identity theft techniques such as setting up fake base station to intercept SMS, using deepfake to bypass facial recognition, etc.

As the news programme drew to a close, Andrew offered his insight on how one could reduce cybersecurity risk in daily life, “nowadays, many cyberattacks come in a form of social engineering, that is to say, to exploit human error to harvest user credentials. So, we should remind ourselves not to make the first mistake to create chances for hackers. Don't download suspicious applications on your mobile phone or go to suspicious websites."

We are delighted to be invited to share our knowledge and expertise to help raise public awareness on cybersecurity. At Tradelink, we will continue to develop and provide practical identity management solutions to enable our clients to safeguard the digital identity of people in Hong Kong and elsewhere.