nanog mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Malicious SS7 activity and why SMS should never by used for 2FA

From: Eric Kuhnke <eric.kuhnke () gmail com>
Date: Mon, 19 Apr 2021 02:17:10 -0700
I would start with cellular carriers and nations that intentionally take
steps to block anything VoIP as a threat to their revenue model. Or because
anything vpn/ipsec/whatever related is a threat to local Internet
censorship laws.

Plenty of places the sort of ipsec tunnel used for vowifi is not usable on
whatever consumer-grade cellular or local broadband ISP you might find.




On Sun, Apr 18, 2021 at 11:11 PM Mark Tinka <mark@tinka.africa> wrote:




On 4/19/21 06:50, Julien Goodwin wrote:


This is already probably past the point of being on topic here, but you
tickled my personal favorite one of these.

My airline of choice (Qantas) has mandatory SMS second factor, after
perhaps a mobile carrier requiring it for support one of the most
facepalm-worthy uses of SMS 2FA I've seen.


It's interesting that VoWiFi is meant to support both voice and SMS,
domestically and when one travels. So I'm curious why SMS's would not
work with VoWiFi when traveling to a country that won't deliver your
SMS's generically. After all, VoWiFi is, as far as I understand it,
meant to be a direct IP tunnel back to your home network for both
billing and service.

If anyone has more clue about this on the list, I'd really like to know,
as my mobile service providers hardly know what I'm talking about when I
ring them up with questions.

Mark.
Previous By Date Next
Previous By Thread Next

Current thread: