WatchGuard Blog

Mobile device DNA: what is it and why should your MFA solution have it?

Multi-factor authentication adoption is booming. Regulatory pressures from different global initiatives, combined with companies making it a prerequisite to use their services and the rise in implementing the zero-trust model, have increased spending on this solution.

The MFA market is estimated to be worth $12.9 billion and is expected to reach $26.7 billion by 2027, with an annual growth rate of 15.6% from 2022 to 2027. Moreover, in 2022, 92% of companies used this technology for at least some business applications.

While this tool adds an extra layer of protection for credentials, it may not be enough, as cybercriminals can circumvent it by employing phishing and social engineering tactics to distract users. At the same time, they deploy techniques to hack MFA defenses.

What are SIM swap attacks, and how do they work?

One-time codes sent via SMS are ubiquitous in legacy MFA technologies. In a SIM swap attack, a malicious actor takes over the actual person's phone number by requesting that a mobile telecommunications provider link this number to a new SIM in their control.

First, the malicious actor must convince the telecom provider to perform this SIM swap through social engineering techniques by impersonating the actual customer and claiming that the original SIM is damaged or lost. Then, if the attack is successful, the victim's phone will lose connection to the network, and they won’t be able to either receive or make phone calls.

Once the new SIM is installed, hackers can use it to get the codes that will enable them to bypass the MFA, reset account credentials and gain unauthorized access. To impersonate their victim, the hacker will start by gathering the necessary information. There are various routes they can take to obtain this data, including social engineering, phishing, malware, exploiting information from data breaches, or researching social media.

Armed with the necessary information, the cybercriminal can convince the mobile network operator to transfer the mobile number to a new SIM card or perform the process personally online. In February this year, the FBI issued a public warning about the increase in this type of threat. It revealed that, from January 2018 to December 2020, they had received 320 reports related to SIM swapping incidents, generating losses of approximately $12 million. However, in 2021 alone, they received 1,611 SIM swap complaints with losses exceeding $68 million. These figures clearly show the need for action to prevent SIM swap attacks.

Mobile DNA: the function that ensures enhanced protection

Today, the evolution of the tactics used by cybercriminals can fool even the most cybersecurity-conscious among us. A Verizon report states that human error accounts for 82% of data breaches. So, implementing a traditional MFA solution may not be enough.

WatchGuard's AuthPoint solution is strengthened with a feature that guarantees that only the user can access their online accounts and assets from their mobile device. It uses its "Mobile DNA" to ensure that the person seeking to log in owns the phone. This feature prevents hackers from gaining access by using SIM swapping because the solution generates a unique DNA for that device, so any login attempt from another mobile would be blocked immediately. In addition, our DNA is well placed against exploitation of Signaling System No. 7 (SS7) protocol vulnerabilities and SIM swap, in line with CISA's latest multi-factor authentication guideline to tackle phishing.

Once a session is initiated, the AuthPoint application recreates the mobile DNA and includes it in the one-time password (OTP) calculation. If any of the unique characteristics of the mobile device were to be modified (e.g., attempting to set it up on a different device), an invalid OTP would be generated, and access would be denied. As well as preventing login, it is possible to know if an attacker attempted to access the account, as access approval and denial information is logged in the control panel so that it can be verified at any time.
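A minimal sketch of the idea described above, added here as an illustration and not WatchGuard's AuthPoint code or algorithm: a standard RFC 6238 TOTP whose key is derived from the token seed plus a hash of device attributes, so the same seed copied to another device yields codes the server rejects. The attribute names, the `device_dna` and `bound_key` helpers, and all sample values are assumptions constructed for the example.

```python
import hashlib
import hmac
import struct

def device_dna(attrs: dict) -> bytes:
    """Hash a canonical encoding of device attributes (hypothetical attribute set)."""
    canon = "\n".join(f"{k}={attrs[k]}" for k in sorted(attrs)).encode()
    return hashlib.sha256(canon).digest()

def bound_key(seed: bytes, dna: bytes) -> bytes:
    """Derive the OTP key from the token seed and the device DNA (assumed construction)."""
    return hmac.new(seed, b"device-binding" + dna, hashlib.sha256).digest()

def totp(key: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1) with RFC 4226 dynamic truncation."""
    mac = hmac.new(key, struct.pack(">Q", unix_time // step), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def verify(seed: bytes, enrolled_dna: bytes, submitted: str, unix_time: int, window: int = 1) -> bool:
    """Server side: recompute with the DNA stored at enrolment, allowing +/- window steps."""
    if not (submitted.isascii() and submitted.isdigit()):
        return False
    key = bound_key(seed, enrolled_dna)
    ok = False
    for drift in range(-window, window + 1):
        # Constant-time comparison; every candidate step is checked.
        ok |= hmac.compare_digest(totp(key, unix_time + drift * 30), submitted)
    return ok

# Constructed sample data: one token seed, the enrolled phone, and a second phone.
SEED = bytes.fromhex("00112233445566778899aabbccddeeff")
ENROLLED = {"model": "phone-a", "os_build": "build-1", "install_id": "1111"}
OTHER = {"model": "phone-b", "os_build": "build-1", "install_id": "2222"}
NOW = 1_700_000_000

def demo() -> dict:
    stored = device_dna(ENROLLED)  # what the server recorded at activation
    genuine = totp(bound_key(SEED, device_dna(ENROLLED)), NOW)
    cloned = totp(bound_key(SEED, device_dna(OTHER)), NOW)  # same seed, different device
    return {"genuine_accepted": verify(SEED, stored, genuine, NOW),
            "cloned_accepted": verify(SEED, stored, cloned, NOW)}

if __name__ == "__main__":
    print(demo())
```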

As the mobile DNA is unique for each device, if a user replaces their mobile, they can migrate the token from one mobile to another while still having both mobile devices or ask their IT team to generate a new registration. The new token automatically deactivates the old one, so there is no risk of it being used in the event of theft. Likewise, if employees leave the company, their tokens can be quickly deleted from the Cloud to prevent them from authenticating at a later date. Similarly, it is possible to replace users with others in the event of staff turnover, so companies can rely on a specific number of licenses without purchasing new ones.

In short, using mobile DNA for multi-factor authentication is a more secure option for protecting accounts. Even if cybercriminals’ advanced tactics can confuse their victims, they won’t be able to mislead the application, which will always recognize the device's unique DNA.