anonymiss

Second Factor #SMS: Worse Than Its Reputation


Source: https://www.ccc.de/en/updates/2024/2fa-sms
IdentifyMobile, a provider of 2FA-SMS, shared the sent one-time passwords in real-time on the internet. The #CCC happened to be in the right place at the right time and accessed the data. It was sufficient to guess the subdomain "idmdatastore". Besides SMS content, recipients' phone numbers, sender names, and sometimes other account information were visible.
#news #security #internet #2fa #mobile #cybersecurity #problem #password
#security #ccc #news #mobile #internet #Problem #password #2FA #cybersecurity #sms
N. E. Felibata 👽 hat dies geteilt

This website uses cookies to recognize revisiting and logged in users. You accept the usage of these cookies by continue browsing this website.