1 comment

[ 5.7 ms ] story [ 14.6 ms ] thread
Since many commenters on HN don't seem to be aware that 2FA over text messages is inherently insecure. This article outlines how a sophisticated attacker doesn't even need to perform the SIM swapping trick as done here https://news.ycombinator.com/item?id=19971953.

The first report of this technique - that I'm aware of - was at the 2014 31C3 in Berlin. The Motherboard article however is from 2019.

Slides: https://berlin.ccc.de/~tobias/31c3-ss7-locate-track-manipula...

Talk: https://media.ccc.de/v/31c3_-_6249_-_en_-_saal_1_-_201412271...