This is certainly not the first time YouTube has been hacked, nor will it be the last. But what happened – or, rather, what is happening – is not a good signal for the security of the video streaming platform and, if we want to broaden the horizon, of all the services offered by Google. There are several cases that are occurring of infiltrating some popular creator accounts on the net to replace the original videos with cryptocurrency advertisements.
And what’s worrying is the fact that to do this the two-factor authentication system that Big G first introduced for Partner Program subscribers – creators, and in general those who monetize through YouTube – was violated and then extended to all. Among them, the popular YouTuber Mrwhosetheboss (aka Arun Maini) also fell victim to the attack.
I think someone just got into my YouTube account and posted something
Did anyone manage to get a screen recording?
— Arun Maini (@Mrwhosetheboss) January 24, 2022
Fortunately, for now, the cases are limited and have involved both creators and YouTube accounts dealing with cryptocurrencies. All show – they showed, rather, because they were removed because they violated the rules of the platform – the digital currency object of the “advertisement”, complete with address to contact, price and the words “One World Cryptocurrency”.
The message is accompanied by a nice (so to speak) acoustic signal associated with the word “Preview” which is repeated in a loop. The damage appears to be limited to this: replacing the original video with a cryptocurrency advertisement. That’s all, in short, without any intention (at least so it seems) to steal personal data or delete the other videos published by the account victim of the attack. So how was it possible to circumvent the two-factor authentication system?
THE MOST ACCREDITED HYPOTHESIS
Here we enter the field of hypotheses: one of these is called SIM Swapping, a technique which in itself is not illegal, being for example the basis of the system of portability of one’s telephone number. In practice, it is a method for separating the physical identity of the SIM from the digital identity of the phone number.
A hacker can rely on this solution to obtain the victim’s phone number, for example with social engineering practices to circumvent the telephone operator by convincing him to give him a new physical SIM by posing as the real customer.
In this way, the hacker (or hackers , it has not yet been ascertained) would have managed not only to steal the access data to the victim’s Google account, but also to obtain the authentication code that is received on the your smartphone for further verification. Once the correct sequence is entered, the damage is done.