4 comments

[ 1.7 ms ] story [ 18.9 ms ] thread
Ok. So, this community has a lot of knowledge with respects problems like this.

What are your thoughts regarding how to protect ones self from this type of attack?

This is a bleeding edge problem. It goes after 2-factor auth, and it's likely to become more common.

Do not use SMS or voice for MFA. These are weak MFA factors. Push notification auth to app only, requiring biometrics to approve. Secure hardware tokens are a gold standard, but rare.

If your bank or financial services provider leverages SMS/voice for MFA, they’re setting you up to fail. Switch providers, they’re dumping the liability on their customers.

https://2fa.directory/us/

(I own customer identity requirements at a fintech, thoughts and opinions my own)

> What are your thoughts regarding how to protect ones self from this type of attack?

Never ever use SMS 2FA Auth or if you provide a login system, do not offer it as an option.

most are moving to passwordless. also known as passkey, or 3rd-party-password-overlord, or not-your-password-anymore.

just kidding. it's only apple and Microsoft. meanwhile EU commission just removed OTP option from their SSO and forced you to move to SMS