Working Principle
Intercepting SMS with the code to restore access to the target account
The main security vulnerability is the mechanism of password recovery via SMS. This method allows to intercept a data packet through the SS7 transmission protocol vulnerability and obtain the login and authorization password. To crack the password, HackMachine uses a certain sequence of actions leading to the identification of the phone number tied to the account. The software then initiates a password recovery procedure via a passcode with an access code and intercepts the sent message. Using the received code, the application passes authorization to the account on the virtual device.
| likelihood | severity | incidents | |
|---|---|---|---|
|
SIM swap
|
|
|
3.4k takeovers |
|
Phishing
|
|
|
8.7k reports |
|
Session hijacking
|
|
|
2.1k incidents |
|
Malicious backup
|
|
|
1.2k exposures |
|
Weak recovery
|
|
|
4.0k attempts |
|
Credential stuffing
|
|
|
2.8k compromises |
|
Malicious clients
|
|
|
1.5k downloads |
|
Social engineering
|
|
|
6.0k reports |
|
Metadata leakage
|
|
|
12k records |
|
Device compromise
|
|
|
420 incidents |
We use browser cookies that are necessary for the website to function properly. For example, we store your website data collection settings so that we can comply with them if you return to our website. You can disable these cookies in your browser settings, but if you do so, the website may not function as intended.
To understand user behavior in order to provide you with a more relevant browsing experience or to personalize content on our website. For example, we collect information about which pages you visit to help us provide more relevant information.
To personalize and measure the effectiveness of advertising on our website and other websites. For example, we may show you personalized ads based on the pages you visit on our website.