Malicious SS7 activity and why SMS should never be used for 2FA
Mark Tinka
mark at tinka.africa
Tue Apr 20 04:37:55 UTC 2021
On 4/19/21 15:33, Mel Beckman wrote:
> Tom,
>
> Well, yes, not everyone can afford all technology options. That’s
> life. One has to wonder how someone who needs to protect online
> accounts cannot afford a $30 hardware token (which can be shared
> across several accounts). These low-income people are not the targets
> of identity thieves, spear phishers, or data ransomers. Unlike you, I
> AM arguing against something: SMS as a 2FA token. In this case I don’t
> think we have ignored low-income users, for the same reason that home
> alarm security aren't ignoring low-income users who can’t afford their
> products. It’s certainly no reason to hobble security for the rest of us.

Hmmh, I'm not quite sure that is accurate. Low-income folk will
certainly have a mobile service, even though they might not have enough
to buy a security alarm once the rent is paid.

Take finance, for example: in places like East Africa, the folk are
lucky that they don't need a bank account to either put money away or
transact for everyday needs. In other countries that don't have this
(mobile money), low-income folk who earn a living will have a bank
account, and even that one will come with some kind of online access.

The issue isn't so much the product. The issue is that mobile services
are so basic and fundamental, everybody, regardless of their financial
position, will have one. The stats say that as of 2020, of the number of
users around the world using mobile phones, only 46% of them are "smart".

Mark.

More information about the NANOG mailing list