nanog mailing list archives
Re: Malicious SS7 activity and why SMS should never by used for 2FA
From: Mark Tinka <mark@tinka.africa>
Date: Mon, 19 Apr 2021 08:10:38 +0200
On 4/19/21 06:50, Julien Goodwin wrote:
This is already probably past the point of being on topic here, but you tickled my personal favorite one of these. My airline of choice (Qantas) has mandatory SMS second factor, after perhaps a mobile carrier requiring it for support one of the most facepalm-worthy uses of SMS 2FA I've seen.
It's interesting that VoWiFi is meant to support both voice and SMS, domestically and when one travels. So I'm curious why SMS's would not work with VoWiFi when traveling to a country that won't deliver your SMS's generically. After all, VoWiFi is, as far as I understand it, meant to be a direct IP tunnel back to your home network for both billing and service.
If anyone has more clue about this on the list, I'd really like to know, as my mobile service providers hardly know what I'm talking about when I ring them up with questions.
Mark.
Current thread:
- Re: Malicious SS7 activity and why SMS should never by used for 2FA, (continued)
- Re: Malicious SS7 activity and why SMS should never by used for 2FA Tom Beecher (Apr 19)
- Re: Malicious SS7 activity and why SMS should never by used for 2FA Mel Beckman (Apr 19)
- Re: Malicious SS7 activity and why SMS should never by used for 2FA Tom Beecher (Apr 19)
- Re: Malicious SS7 activity and why SMS should never by used for 2FA Mel Beckman (Apr 19)
- Re: Malicious SS7 activity and why SMS should never by used for 2FA Tom Beecher (Apr 19)
- Re: Malicious SS7 activity and why SMS should never by used for 2FA Mark Tinka (Apr 19)
- Re: Malicious SS7 activity and why SMS should never by used for 2FA Mark Tinka (Apr 19)
- Re: Malicious SS7 activity and why SMS should never by used for 2FA Eric Kuhnke (Apr 18)
- Re: Malicious SS7 activity and why SMS should never by used for 2FA Mark Tinka (Apr 18)
- Re: Malicious SS7 activity and why SMS should never by used for 2FA Julien Goodwin (Apr 18)
- Re: Malicious SS7 activity and why SMS should never by used for 2FA Mark Tinka (Apr 18)
- Re: Malicious SS7 activity and why SMS should never by used for 2FA Eric Kuhnke (Apr 19)
- Re: Malicious SS7 activity and why SMS should never by used for 2FA Mark Tinka (Apr 19)
- Re: Malicious SS7 activity and why SMS should never by used for 2FA Nathaniel Ferguson (Apr 19)
- Re: Malicious SS7 activity and why SMS should never by used for 2FA Randy Bush (Apr 19)
- Re: Malicious SS7 activity and why SMS should never by used for 2FA bzs (Apr 19)
- Re: Malicious SS7 activity and why SMS should never by used for 2FA Mark Tinka (Apr 19)
- Re: Malicious SS7 activity and why SMS should never by used for 2FA bzs (Apr 20)
- Re: Malicious SS7 activity and why SMS should never by used for 2FA Mel Beckman (Apr 18)
- Re: Malicious SS7 activity and why SMS should never by used for 2FA William Herrin (Apr 18)