• Balthazar@sopuli.xyz
    ↑ 10 · 2 days ago

    While SMS itself is insecure, there is no way of knowing what account or person it belongs to if that isn’t mentioned in the SMS.

    Yes, SMS can EASILY be hijacked, but due to the very limited information you can afford to send via it, it’s surprisingly secure.

    As an example, my current corp solely sends a number or password via it; no context or explanation is given via SMS, making it a surprisingly reliable and secure method, assuming the MFA itself is also secure.

    • psud@aussie.zone
      ↑ 1 · 33 minutes ago

      The insecurity of SMS is the inability of telcos to secure number porting. If someone wants to compromise your shit, they can easily steal your phone number if your phone number is sufficiently public.

      One defence is to have a second service that is only used for authentication, and never share the number except with those providers that need to message you codes.

    • MystikIncarnate@lemmy.ca
      ↑ 3 · 1 day ago

      Spear phishing disagrees with you.

      If you’re targeting a specific individual, cloning their SIM, performing another number hijack, or even intercepting their SMS in flight are all viable.

      For broader, more general attacks, SMS is usually enough to keep anyone out.