What types of security risks are there?
The SMS hijacking:
SMS messages with one-time passwords can be intercepted with little effort. The security researcher Lucky225 tells the US magazine Vice that he can easily redirect any SMS messages to his cell phone. The attack exploits a huge database in the USA containing SMS routing information. The entries are routed via the Override Services Registry (OSR). Services that use these OSR entries to redirect numbers can be abused. However, these special cases only exist in North America and cannot simply be transferred to Germany.
Man-in-the-middle attack
A man-in-the-middle attack is a type of attack in which the hacker interposes himself between the victim and the hardware or software he is using. Messages can be intercepted or the criminal can pretend to be one of the two people. Certain programs or devices can be used for the attacks; it is important for the hacker’s success that he remains undetected. The information the hacker obtains can be used to commit further crimes such as Identity theft, stealing intellectual property or even falsifying complete transactions.
Social engineering
Social engineering enables perpetrators to fake false identities or intentions. This enables them to obtain information, data or similar. The criminals pretend to be technicians or employees of telecommunications companies. The victims are pressured into disclosing their login details or account information. A common method is deceptively genuine-looking e-mails that redirect the victims to fake websites and intercept login information there.
Identity theft
Client-side certificates can be used for online authentication. These offer the possibility of two-factor control and enable authentication between clients and servers. If client-side certificates can be stolen, authentication can be bypassed and identity theft can be committed.
SQL injection
SQL injection is one of the most common types of attack. Code can be infiltrated via an SQL injection, allowing hackers to spy out or even manipulate information. In the worst case scenario, the hackers gain control over the entire database.