The most likely SMS breach remains a socially engineered hack, where you’re tricked into forwarding the SMS to a “friend.” And while we have seen clever phishing sites that trick users into giving up such codes, those remain relatively unusual. They need to find a way to link account credentials to the SMS code you will then receive, and they need to breach that account inside that code’s time window. An attacker needs to know your phone number or plant malware on your smartphone. SMS security compromises are different, they’re targeted. The simplest attacks dupe users into forwarding the codes they receive to others.Ībsent MFA, though, and attacks can be much more indiscriminate, compromising accounts en masse through breached or reused credentials. Simpler attacks focus on SIM-swapping, where networks are tricked into issuing duplicate SIM cards or phishing sites that entice users into entering their credentials-which are then entered behind the scenes into the real site-and then the MFA code when it’s received. What this means is that signals can be intercepted by anyone who can get access to the switching network or within the radio range of a device.”Ī relatively sophisticated attack can intercept SMS messages within the network or deploy malware on smartphones to harvest codes as they’re received, along with usernames and passwords. From a practical usability perspective, we can’t overlay encryption onto these protocols because users would be unable to read them (there are other reasons too, like message bloat, which have prevented these from taking hold over the existing protocols). “When SMS and voice protocols were developed,” Weinert explains, “they were designed without encryption. In reality, this new warning from Microsoft presents all the reasons we should be moving away from SMS for any of our communications. When you send an SMS, it might be secure between your phone and your network, but once there it can bounces in plain text form between various SMS message centers inside various carriers en route from sender to recipient. The problem with SMS is that it’s built on an archaic architecture that sits inside the many cellular networks around the world.
0 kommentar(er)
