A detailed investigation by Motherboard has revealed that hackers can find their way around SMS-based two-factor authentication by stealing a target’s phone number and reassigning it to a different SIM card. They can then use it to reset passwords and sell stolen accounts online for bitcoin. Instagram has now confirmed that it’s developing a safer, non-SMS-based two-factor authentication system.

The investigation noted that Instagram accounts were particularly vulnerable because the app only offers two-factor authentication over SMS, delivering the login code or password reset by text message.

The Facebook-owned service has now confirmed to TechCrunch that it’s developing a non-SMS-based two-factor authentication system that works with security apps such as Google Authenticator. These apps generate a special code that users need in order to log in. The code can’t be generated on another device if the number is stolen and reassigned to a hacker’s SIM card.
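Why an authenticator-app code survives a reassigned phone number, shown as an added example (not code from the article or from Instagram): it assumes the app uses the time-based one-time password scheme of RFC 6238, which Google Authenticator implements, and the seed below is the RFC's published test key, not a real account secret.

```python
import base64
import hashlib
import hmac
import struct

# Constructed sample seed: the RFC 6238 test key, base32-encoded the way an
# enrollment QR code would carry it. It is stored on the device at enrollment
# and never travels over the phone network.
SEED_B32 = base64.b32encode(b"12345678901234567890").decode()


def totp(seed_b32, unix_time, step=30, digits=6):
    """Code for one time step. Inputs are the seed and the clock only;
    the phone number and SIM play no part in the calculation."""
    key = base64.b32decode(seed_b32, casefold=True)
    counter = int(unix_time) // step
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify(seed_b32, submitted, unix_time, window=1, step=30):
    """Server-side check: accept the current step and its neighbours to
    tolerate clock drift, comparing in constant time."""
    ok = False
    for drift in range(-window, window + 1):
        t = unix_time + drift * step
        if t < 0:
            continue
        ok |= hmac.compare_digest(totp(seed_b32, t, step), submitted)
    return ok


if __name__ == "__main__":
    now = 59  # constructed timestamp taken from the RFC 6238 test table
    code = totp(SEED_B32, now)
    print("code on enrolled device:", code)
    print("server accepts it:", verify(SEED_B32, code, now))
    print("server accepts a guess:", verify(SEED_B32, "000000", now))
```
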

Jane Manchun Wong, who has developed a reputation for digging into apps to find unreleased features, has found a prototype of the upgraded two-factor authentication feature in Instagram for Android’s APK.

A spokesperson for Instagram has confirmed that this feature is indeed being developed. “We’re continuing to improve the security of Instagram accounts, including strengthening 2-factor authentication,” the spokesperson added. It’s unclear at this point in time, though, when this feature is going to be rolled out for all users.
