Second Factor #SMS: Worse Than Its Reputation
Source: https://www.ccc.de/en/updates/2024/2fa-sms
IdentifyMobile, a provider of 2FA-SMS, shared the sent one-time passwords in real-time on the internet. The #CCC happened to be in the right place at the right time and accessed the data. It was sufficient to guess the subdomain "idmdatastore". Besides SMS content, recipients' phone numbers, sender names, and sometimes other account information were visible.
#news #security #internet #2fa #mobile #cybersecurity #problem #password
like this
N. E. Felibata 👽 reshared this.