Twitter, Google, WhatsApp, Telegram… why two-factor authentication is not so secure after all


Christine Perret

February 14, 2022 at 12:45 p.m.


Two-factor authentication allows you to secure your online accounts and the personal data attached to them. However, the Swiss company Mitto AG, which supplies the biggest names in tech such as Twitter, Google, WhatsApp or Telegram, also uses it for its cyber-surveillance activities…

Following the suspicions of surveillance revealed in December by Bloomberg, Twitter has finally announced that it is parting ways with its two-factor authentication provider, Mitto AG.

A service widely used by tech giants

Two-factor authentication (or 2FA) is a very reliable way to protect your online accounts, and everyone should use this protocol. However, the Swiss company Mitto AG, the main supplier in this sector, did not quite stop where it should have.

Its main business is sending bulk SMS messages, which companies such as Google, LinkedIn, TikTok, WhatsApp, Telegram, etc. use for authentication codes, as well as for commercial offers and appointment reminders.

Its advantage over its competitors is that it covers more than a hundred countries, including areas that are sometimes difficult to reach, such as Iran or Afghanistan. To do this, it has concluded interconnection agreements with local mobile operators.

2FA and targeted cyber surveillance

But these operators give it access to the SS7 signaling protocol, which is not very secure and makes it quite simple to geolocate a user, or even to intercept their communications. In short, Mitto AG has the ability to spy on targeted people via their smartphones.

And Ilja Gorelik, former co-founder and COO of Mitto AG, allegedly sold access to these networks to governments and spy companies between 2017 and 2018.

He reportedly left the company after the surveillance allegations reported by Bloomberg last December, without it being known whether this decision was his own or whether he was pressured.

Twitter separates from Mitto AG

Although Ilja Gorelik has left the company, the surveillance allegations against the Swiss firm have worried the social network Twitter, which announced to US Senator Ron Wyden (Oregon) that it had finally separated from its partner Mitto AG.

For now, Twitter has not mentioned a temporary suspension of the SMS two-factor authentication system.

As a reminder, especially for those who are worried after reading these lines, the social network offers two other 2FA systems: an authentication application and a security key. To learn more about this subject, we invite you to consult the Twitter help page.

Source: Malwarebytes Labs, Bloomberg




