LowEndBox - Cheap VPS, Hosting and Dedicated Server Deals

The Syniverse Hack: Why Using SMS for 2FA is a Bad Idea

Date/Time: October 5, 2021 @ 7:31 pm, by raindog308

Security gurus have suggested for years that relying on SMS for two-factor authentication is a bad idea. Reasons include:

  • Your phone may be stolen
  • Many people allow SMS messages to be displayed on lock screens
  • Your phone can be SIM-cloned
  • People inside your phone carrier may have access to your text messages

But here’s a new issue.  A little-known company named Syniverse revealed something interesting in an SEC filing:

“Syniverse has experienced, and may in the future face, hackers, cybercriminals or others gaining unauthorized access to, or otherwise misusing, its systems to misappropriate its proprietary information and technology, interrupt its business, and/or gain unauthorized access to its or its customers’ confidential information.

For example, in May 2021, Syniverse became aware of unauthorized access to its operational and information technology systems by an unknown individual or organization (the “May 2021 Incident”). Promptly upon Syniverse’s detection of the unauthorized access, Syniverse launched an internal investigation, notified law enforcement, commenced remedial actions and engaged the services of specialized legal counsel and other incident response professionals. Syniverse has conducted a thorough investigation of the incident.”

Just who is Syniverse?  A company that routes billions of text messages annually for all major US cell phone carriers.

Ars Technica has more coverage.

 

I'm Andrew, techno polymath and long-time LowEndTalk community Moderator. My technical interests include all things Unix, perl, python, shell scripting, and relational database systems. I enjoy writing technical articles here on LowEndBox to help people get more out of their VPSes.
