nanog mailing list archives

Re: Malicious SS7 activity and why SMS should never by used for 2FA


From: Tim Jackson <jackson.tim () gmail com>
Date: Sat, 17 Apr 2021 20:25:03 -0500

Every SMS 2FA should check the current carrier against the carrier when
enrolled and unenroll SMS for 2FA when a number is ported out. BofA and a
few others do this.

--
Tim

On Sat, Apr 17, 2021, 8:02 PM Eric Kuhnke <eric.kuhnke () gmail com> wrote:


https://lucky225.medium.com/its-time-to-stop-using-sms-for-anything-203c41361c80


https://krebsonsecurity.com/2021/03/can-we-stop-pretending-sms-is-secure-now/


Anecdotal: With the prior consent of the DID holders, I have successfully
ported people's numbers using nothing more than a JPG scan of a signature
that looks like an illegible 150 dpi black and white blob, pasted in an
image editor on top of a generic-looking 'phone bill'.
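
Added example, not part of the original thread and not any bank's actual implementation: one way to code the check Tim Jackson describes, comparing the current carrier with the carrier recorded at enrollment and unenrolling SMS when they differ. `lookup_carrier` is a hypothetical stand-in for whatever carrier or number-portability lookup a service uses, the phone numbers and carrier names are constructed, and failing closed on a lookup error is an assumption.

```python
from dataclasses import dataclass
from typing import Callable, Optional, Tuple


@dataclass
class SmsEnrollment:
    user: str
    msisdn: str             # phone number in E.164 form
    carrier_at_enroll: str  # carrier recorded when SMS 2FA was enrolled
    sms_enabled: bool = True


def normalize(carrier: Optional[str]) -> Optional[str]:
    """Case/whitespace-insensitive carrier id; empty values become None."""
    carrier = (carrier or "").strip().upper()
    return carrier or None


def check_before_sms(enr: SmsEnrollment,
                     lookup_carrier: Callable[[str], Optional[str]]) -> Tuple[str, str]:
    """Decide whether an SMS code may be sent; returns (decision, reason)."""
    if not enr.sms_enabled:
        return ("deny", "sms_not_enrolled")
    try:
        current = normalize(lookup_carrier(enr.msisdn))
    except Exception:
        current = None  # treat lookup outages like an unknown carrier
    if current is None:
        # Assumption: fail closed for this attempt but keep the enrollment,
        # so a lookup outage cannot silently unenroll users.
        return ("deny", "carrier_lookup_failed")
    if current != normalize(enr.carrier_at_enroll):
        enr.sms_enabled = False  # number ported out: unenroll SMS as a factor
        return ("deny", "carrier_changed_sms_unenrolled")
    return ("send", "carrier_unchanged")


# Constructed sample data: fictional numbers and carrier names.
CURRENT_CARRIER = {"+12025550101": "carrier-a ", "+12025550102": "CARRIER-B"}

def sample_lookup(msisdn: str) -> Optional[str]:
    return CURRENT_CARRIER[msisdn]  # KeyError simulates a failed lookup
```

A denied attempt would be routed to another enrolled factor or a re-verification flow; that part is outside this sketch.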



