While I’m on the security beat today, Vice is highlighting how easy it is to hijack SMS messages. Using a service from Sakari, a company that sells SMS marketing and mass messaging, hackers can reroute a victim’s texts without a SIM swap, all without the victim even noticing. From there, an attacker can easily move on to hijacking accounts just by asking – most companies are not verifying the Letters of Authorization that set this attack up.
Why do we care?
Any security guru will tell you 2FA is better with a physical key or an authenticator than over SMS. That SMS is this insecure is frightening.
I’ll ask about a hole in the market – is there a way to automatically check for customers that this is set up right? As I look at the cloud management space and the idea of scanning for configuration changes… can you scan for this? Can you stay vigilant across accounts to ensure it’s all set up right? Someone let me know.