Malicious SS7 activity and why SMS should never by used for 2FA
mark at tinka.africa
Mon Apr 19 06:10:38 UTC 2021
On 4/19/21 06:50, Julien Goodwin wrote:
> This is already probably past the point of being on topic here, but you
> tickled my personal favorite one of these.
> My airline of choice (Qantas) has mandatory SMS second factor, after
> perhaps a mobile carrier requiring it for support one of the most
> facepalm-worthy uses of SMS 2FA I've seen.
It's interesting that VoWiFi is meant to support both voice and SMS,
domestically and when one travels. So I'm curious why SMS's would not
work with VoWiFi when traveling to a country that won't deliver your
SMS's generically. After all, VoWiFi is, as far as I understand it,
meant to be a direct IP tunnel back to your home network for both
billing and service.
If anyone has more clue about this on the list, I'd really like to know,
as my mobile service providers hardly know what I'm talking about when I
ring them up with questions.
More information about the NANOG