Malicious SS7 activity and why SMS should never by used for 2FA

Mark Tinka mark at tinka.africa
Mon Apr 19 12:53:17 UTC 2021


On 4/19/21 14:47, Mel Beckman wrote:

> Then they can buy a hardware token. Using SMS is provably insecure, 
> and for people being spear-phished (a much more common occurrence now 
> that so much net worth data has been breached), a huge risk

Most regular folk (especially those that may not have smartphones) who 
have the option of SMS or a key fob will end up using SMS because it 
does not cause them to spend time standing in a queue in a building to 
give up cash.

Their belief that SMS is secure (enough) has nothing to do with whether 
it actually is. It's all about convenience, and how much they can get 
done without speaking to human.

If a key fob can be sent to them - preferably for free - that would help.

Mark.


More information about the NANOG mailing list