Malicious SS7 activity and why SMS should never by used for 2FA
mark at tinka.africa
Mon Apr 19 12:53:17 UTC 2021
On 4/19/21 14:47, Mel Beckman wrote:
> Then they can buy a hardware token. Using SMS is provably insecure,
> and for people being spear-phished (a much more common occurrence now
> that so much net worth data has been breached), a huge risk
Most regular folk (especially those that may not have smartphones) who
have the option of SMS or a key fob will end up using SMS because it
does not cause them to spend time standing in a queue in a building to
give up cash.
Their belief that SMS is secure (enough) has nothing to do with whether
it actually is. It's all about convenience, and how much they can get
done without speaking to human.
If a key fob can be sent to them - preferably for free - that would help.
More information about the NANOG