There are known vulnerabilities in mobile phone networks that enable eavesdropping on voice and SMS (text) communications. What has changed: NIST has issued a draft publication that explicitly warns of this vulnerability (NIST Pub 800-63B, Sec. 5.1.3.2, Out of Band Verifiers). Also, an ‘exploit kit’ is available on the ‘Dark Web’ for a few hundred dollars, enabling an attacker with minimal technical skill to ‘hack’ your mobile phone (the BBC did a great piece with a layman’s description of how this works). Consequently, two-factor authentication using ‘verification codes’ sent via text should not be considered secure.