SMS has been around forever, and that means that many of us have it set up for all kinds of things, with hospital appointment reminders, two-factor authentication codes, and more sent in text form to a user’s phone. That’s all worked relatively well on the whole, but a newly reported data breach has highlighted how frail that process can be.
The problem was noted after a Berlin-based security researcher called Sébastien Kaul discovered that a Voxox-managed database was discoverable, completely unprotected, and even searchable for identifiable information like names and telephone numbers.
There were 26 million text messages found in total, and they were all wide open. With the database remaining available even after the security flaw was found, it’s possible that anyone could have potentially intercepted messages – including those used for two-factor authentication. The database was only taken offline once TechCrunch got involved.
Two-factor authentication is used to offer another line of authentication beyond usernames and passwords. Once those two things are provided, a code is sent to the user via SMS, which should, in theory, mean only someone with their phone can enter it and gain access. However, if the messages on the Voxox server were compromised, that might not be the case here.
What this really teaches us, beyond the fact that nothing seems to be secure these days, is that using SMS for things like two-factor authentication is a bad idea. Using apps like Google Authenticator, Authy, or similar apps is a better bet when it comes to generating two-factor authentication codes, but how many will make the shift even after the frailty of SMS has been laid bare?
(Source: TechCrunch)
You may also like to check out:
- Download iOS 12.1.1 Beta 3 IPSW Links And OTA, tvOS 12.1.1, macOS 10.14.2, watchOS 5.1.2 Beta 2
- Jailbreak iOS 12.1 On iPhone XS Max Achieved By KeenLab
- Jailbreak iOS 12.0.1 Gets New Hope As Project Zero’s Bug Has Been Found To Have Been Patched In iOS 12.1
- 2018 iPad Pro 11 / 12.9-Inch Glass Screen Protector: Here Are The Best Ones Available Today [List]
- Downgrade iOS 12.1 To iOS 12.0.1 On iPhone Or iPad, Here’s How
- Download iOS 12.1 Final IPSW Links, OTA Update For iPhone And iPad
- Jailbreak iOS 12.1 / 12.0.1 / 12 On iPhone And iPad [Status Update]
- Download 2018 iPad Pro Wallpapers For Any iPad, iPhone
You can follow us on Twitter, add us to your circle on Google+ or like our Facebook page to keep yourself updated on all the latest from Microsoft, Google, Apple, and the Web.