Those ‘verification codes’ (for two-factor authentication) sent to your mobile phone via text messaging are vulnerable…

Mobile phone networks have known vulnerabilities that enable eavesdropping on voice and SMS (text) communications. What has changed: NIST issued a DRAFT publication that now explicitly warns of this vulnerability (NIST Pub 800-63B, Sec. 5.1.3.2, Out of Band Verifiers). Also, an ‘exploit kit’ is available on the ‘Dark Web’ for a few hundred dollars, enabling an attacker with minimal technical skill to ‘hack’ your mobile phone (the BBC did a great piece with a layman’s description of how this works). Consequently, two-factor authentication using ‘verification codes’ sent via text should not be considered secure.

About Don

Former C-Level Exec of NASDAQ company / InfoSec Certifications: CISSP, CISO (Carnegie Mellon CIO Institute) / Founding member of several 'startups' / Georgetown University, Masters, Technology Management