Wednesday, December 07, 2016

thought SMS was a secure 2FA method? maybe not as safe as you assume

This article suggests that 2 factor authentication by SMS is insecure.  This conclusion is based on the observation and interpretation of a recent hack on blockchain based cryptocurrency.

http://blog.kraken.com/post/153209105847/security-advisory-mobile-phones

Long article, but once you have completed all the steps, you can relax, a little.
Until then, malware attacks on your phone, or a "too helpful" phone company helpdesk, can defeat the assumption that you are actually in control of your phone and SMS messages.  If you use SMS for 2 factor authentication and you are the victim of this type of malware, game over.