Following a report published by Motherboard about the concerns with SIM hacking and how user’s account can be hacked with SIM hacking, Instagram has announced rolling out the feature of non-SIM two-factor authentication that eliminates the risk of getting hacked as opposed to the SIM-based two-factor authentication system which is easy to hack. Although Instagram announced the presence of such a feature soon after Motherboard released its reports, it is likely that Instagram has been working on the solution for quite some time now.
Tipster and engineer Jane Manchun Wong who is known for her tips and leaks on the latest features in the tech world teased the first prototype version of the non-SMS-based two-factor authentication feature in Android’s Instagram APK code which she found out and later, publicized it on Twitter on her handle ‘@wongmjane’.
As of now, Instagram lets the user recover his/her account by typing the phone number associated to receive a code that can be fed onto the app to recover an account. However, Motherboard’ report clearly prescribed how this technology is vulnerable to SIM card hacking and how the hacker can get access to user’s Twitter, Instagram, Amazon, and almost all other accounts if the hackers hack user’s SIM card.
This is possible as the hacker might trick the service provider by furnishing social security number leaked thanks to the countless data breaches after which, the hacker could reassign the phone number to a new SIM card, thus, gaining access on all the apps and services that require SIM-based authentication. The hacker could sell potential data to international markets or exercised leverage on the user for financial gains. Soon, users across the globe will receive an update on Instagram’s new authentication feature that will use either Google’ Authenticator app or Authy to produce a numeric code with certain factors limiting its usage and it will definitely make the IG handle more secure and reliable.