Those ‘verification codes’ (for two-factor authentication) sent to your mobile phone via text messaging are vulnerable…

There are known vulnerabilities in mobile phone networks that enable eavesdropping on voice and SMS (text) communications. What has changed: NIST issued a DRAFT publication that now explicitly warns of this vulnerability (NIST Pub 800-63B, Sec. 5.1.3.2, Out of Band Verifiers). Also, an ‘exploit kit’ is available on the ‘Dark Web’ for a few hundred dollars, enabling an attacker with minimal technical skill to ‘hack’ your mobile phone (the BBC did a great piece with a layman’s description of how this works). Consequently, two-factor authentication using ‘verification codes’ sent via text should not be considered secure.

About Don

Former VP/GM, Enterprise Application Development in several NASDAQ companies

Partner Engagement Manager (Kforce, Inc.); development / deployment of Guest Experience Platform (Carnival Cruise Line)

Chief Information Security Officer (CISO) Certification - Carnegie Mellon CIO Institute

Certified Information Systems Security Professional (CISSP)

Masters, Professional Studies, Georgetown University