Security gurus have suggested for years that relying on SMS for two-factor authentication is a bad idea. Reasons include
- Your phone may be stolen
- Many people allow SMS messages to be displayed on lock screens
- Your phone can be SIM-cloned
- People inside your phone carrier may have access to your text messages
But here’s a new issue. A little-known company named Syniverse revealed something interesting in an SEC filing:
“Syniverse has experienced, and may in the future face, hackers, cybercriminals or others gaining unauthorized access to, or otherwise misusing, its systems to misappropriate its proprietary information and technology, interrupt its business, and/or gain unauthorized access to its or its customers’ confidential information.
For example, in May 2021, Syniverse became aware of unauthorized access to its operational and information technology systems by an unknown individual or organization (the “May 2021 Incident”). Promptly upon Syniverse’s detection of the unauthorized access, Syniverse launched an internal investigation, notified law enforcement, commenced remedial actions and engaged the services of specialized legal counsel and other incident response professionals. Syniverse has conducted a thorough investigation of the incident.”
Just who is Syniverse? A company that routes billions of text messages annually for all major US cell phone carriers.
Ars Technica has more coverage.
Related Posts:
I also enjoy using LEBs! I have an empire of little guys for VPNs, larger guys for apps, and big guys for databases and storage. When I'm not in front a screen I'm into German Shepherd dogs, quality knives, target shooting, theology, tabletop roleplaying games, and forest hiking.
I enjoy writing technical articles here on LowEndBox to help people get more out of their systems. You can find me on LowEndTalk @raindog308
Leave a Reply