Malicious SS7 activity and why SMS should never by used for 2FA

• Previous message (by thread): Malicious SS7 activity and why SMS should never by used for 2FA
• Next message (by thread): Malicious SS7 activity and why SMS should never by used for 2FA
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Every SMS 2FA should check the current carrier against the carrier when
enrolled and unenroll SMS for 2FA when a number is ported out. BofA and a
few others do this.

--
Tim

On Sat, Apr 17, 2021, 8:02 PM Eric Kuhnke <eric.kuhnke at gmail.com> wrote:

>
> https://lucky225.medium.com/its-time-to-stop-using-sms-for-anything-203c41361c80
>
>
> https://krebsonsecurity.com/2021/03/can-we-stop-pretending-sms-is-secure-now/
>
>
> Anecdotal: With the prior consent of the DID holders, I have successfully
> ported peoples' numbers using nothing more than a JPG scan of a signature
> that looks like an illegible 150 dpi black and white blob, pasted in an
> image editor on top of a generic looking 'phone bill'.
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20210417/e576bbe5/attachment.html>

• Previous message (by thread): Malicious SS7 activity and why SMS should never by used for 2FA
• Next message (by thread): Malicious SS7 activity and why SMS should never by used for 2FA
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]