Malicious SS7 activity and why SMS should never by used for 2FA

Mark Tinka mark at
Mon Apr 19 06:10:38 UTC 2021

On 4/19/21 06:50, Julien Goodwin wrote:

> This is already probably past the point of being on topic here, but you
> tickled my personal favorite one of these.
> My airline of choice (Qantas) has mandatory SMS second factor, after
> perhaps a mobile carrier requiring it for support one of the most
> facepalm-worthy uses of SMS 2FA I've seen.

It's interesting that VoWiFi is meant to support both voice and SMS, 
domestically and when one travels. So I'm curious why SMS's would not 
work with VoWiFi when traveling to a country that won't deliver your 
SMS's generically. After all, VoWiFi is, as far as I understand it, 
meant to be a direct IP tunnel back to your home network for both 
billing and service.

If anyone has more clue about this on the list, I'd really like to know, 
as my mobile service providers hardly know what I'm talking about when I 
ring them up with questions.


More information about the NANOG mailing list