Is SMS 2FA Secure?


23 bookmarks. First posted by dsalo 13 days ago.


Is SMS 2FA Secure?
No.
An Empirical Study of Wireless Carrier Authentication for SIM Swaps
We examined the authentication procedures used by five prepaid wireless carriers when a customer attempts to change their SIM card, or SIM swap.
We found that all five carriers use insecure authentication challenges that can easily be subverted by attackers.
We reverse-engineered the authentication policies of over 140 websites that offer SMS-based authentication, and rated the vulnerability level of users of each website to a SIM swap attack.
We found 17 websites on which user accounts can be compromised based on a SIM swap alone.
mobile  security  sms  2fa 
8 days ago by RBarnard
RT : This is a great paper on the pitiful state of SMS and mobile carriers.
from twitter
8 days ago by windley
Is SMS 2FA Secure? via Instapaper https://ift.tt/2NezQsC
IFTTT  Instapaper 
10 days ago by chaoxian
We examined the authentication procedures used by five prepaid wireless carriers when a customer attempts to change their SIM card, or SIM swap.
We found that all five carriers use insecure authentication challenges that can easily be subverted by attackers.
We reverse-engineered the authentication policies of over 140 websites that offer SMS-based authentication, and rated the vulnerability level of users of each website to a SIM swap attack.
We found 17 websites on which user accounts can be compromised based on a SIM swap alone.
sms  security 
10 days ago by unclespeedo
Kevin Lee, Ben Kaiser, Jonathan Mayer, Arvind Narayanan.
<br>
Manuscript, 2020.
main  pubx  type:Draft  date:2020-01-10 
11 days ago by randomwalker
SMS is not 2FA-secure
from twitter_favs
12 days ago by varnothing
SMS is not 2FA-secure via Instapaper https://www.issms2fasecure.com/
IFTTT  Instapaper 
12 days ago by zhangtai
SMS is not 2FA-secure
from twitter_favs
12 days ago by Jeunj
On SIM swapping.
510  mobile  socialengineering 
13 days ago by dsalo