nanog mailing list archives

Re: Malicious SS7 activity and why SMS should never by used for 2FA

From: Mark Tinka <mark@tinka.africa>
Date: Mon, 19 Apr 2021 08:10:38 +0200



On 4/19/21 06:50, Julien Goodwin wrote:

This is already probably past the point of being on topic here, but you
tickled my personal favorite one of these.

My airline of choice (Qantas) has mandatory SMS second factor, after
perhaps a mobile carrier requiring it for support one of the most
facepalm-worthy uses of SMS 2FA I've seen.

It's interesting that VoWiFi is meant to support both voice and SMS,domestically and when one travels. So I'm curious why SMS's would notwork with VoWiFi when traveling to a country that won't deliver yourSMS's generically. After all, VoWiFi is, as far as I understand it,meant to be a direct IP tunnel back to your home network for bothbilling and service.

If anyone has more clue about this on the list, I'd really like to know,as my mobile service providers hardly know what I'm talking about when Iring them up with questions.


Mark.

Current thread:

Re: Malicious SS7 activity and why SMS should never by used for 2FA, (continued)
- - - Re: Malicious SS7 activity and why SMS should never by used for 2FA Tom Beecher (Apr 19)
    - Re: Malicious SS7 activity and why SMS should never by used for 2FA Mel Beckman (Apr 19)
    - Re: Malicious SS7 activity and why SMS should never by used for 2FA Tom Beecher (Apr 19)
    - Re: Malicious SS7 activity and why SMS should never by used for 2FA Mel Beckman (Apr 19)
    - Re: Malicious SS7 activity and why SMS should never by used for 2FA Tom Beecher (Apr 19)
    - Re: Malicious SS7 activity and why SMS should never by used for 2FA Mark Tinka (Apr 19)
    - Re: Malicious SS7 activity and why SMS should never by used for 2FA Mark Tinka (Apr 19)
    - Re: Malicious SS7 activity and why SMS should never by used for 2FA Eric Kuhnke (Apr 18)
    - Re: Malicious SS7 activity and why SMS should never by used for 2FA Mark Tinka (Apr 18)
    - Re: Malicious SS7 activity and why SMS should never by used for 2FA Julien Goodwin (Apr 18)
    - Re: Malicious SS7 activity and why SMS should never by used for 2FA Mark Tinka (Apr 18)
    - Re: Malicious SS7 activity and why SMS should never by used for 2FA Eric Kuhnke (Apr 19)
    - Re: Malicious SS7 activity and why SMS should never by used for 2FA Mark Tinka (Apr 19)
    - Re: Malicious SS7 activity and why SMS should never by used for 2FA Nathaniel Ferguson (Apr 19)
    - Re: Malicious SS7 activity and why SMS should never by used for 2FA Randy Bush (Apr 19)
    - Re: Malicious SS7 activity and why SMS should never by used for 2FA bzs (Apr 19)
    - Re: Malicious SS7 activity and why SMS should never by used for 2FA Mark Tinka (Apr 19)
    - Re: Malicious SS7 activity and why SMS should never by used for 2FA bzs (Apr 20)
- Re: Malicious SS7 activity and why SMS should never by used for 2FA William Herrin (Apr 18)
  - Re: Malicious SS7 activity and why SMS should never by used for 2FA Mel Beckman (Apr 18)
    - Re: Malicious SS7 activity and why SMS should never by used for 2FA William Herrin (Apr 18)

(Thread continues...)