" sms messages Archives - LuxSci FYI Blog: Learn about HIPAA email encryption, secure email encryption, and more

Posts Tagged ‘sms messages’

SIM-Swapping: Why SMS Authentication Is a Bad Idea

Thursday, October 11th, 2018

SMS authentication has been around for a while now. Sure, it’s a bit of a hassle to get those codes sent from your bank or your other accounts–especially if your phone’s in the next room–but at least it makes you feel safe.

Unfortunately, it’s nowhere near as safe as you may think. The concept of two-factor authentication is an important aspect of beefing up your security, but SMS has some major vulnerabilities which can work around the primary factor, stripping away a layer of your security and potentially making you more vulnerable than you would have been without it.

What Is SIM-swapping?

SIM-swapping is your biggest concern when it comes to SMS authentication. It involves an attacker calling up the cell-phone provider of their target and impersonating them. They tell the operator that they’ve lost their SIM card or had their phone stolen, and ask them to switch the cell phone number over to a new SIM card which they have in their possession.

All they need is a bit of social engineering skill and some of the victim’s information, which they can find through social media, data leaks or through phishing. With this personal information, they breeze past any security questions that the operator might ask. Once everything seems to be in order, the operator will assume the request is legitimate and quickly switch over the phone number to the attacker’s SIM card.

Once it has been switched over, the number is disconnected from the victim’s SIM card and all of their calls and messages are diverted to the attacker. This gives the attacker an absurd amount of power to wreak havoc on the victim’s life.

Read the rest of this post »

Text Messages are Faster than Email, but not Instantaneous!

Wednesday, May 4th, 2011

We have discussed how email messages should not be expected to arrive instantly.  This naturally brings to mind “text messages” (aka SMS messages) that people send to their cell phones.  These are commonly expected to be delivered “instantly” — but that is also not always the case.  While text messages are generally very fast, and usually more quickly delivered than email messages, they are not always “instant”.

Read the rest of this post »