this post was submitted on 24 Feb 2024
731 points (98.4% liked)
Technology
60087 readers
2731 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related content.
- Be excellent to each another!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, to ask if your bot can be added please contact us.
- Check for duplicates before posting, duplicates may be removed
Approved Bots
founded 2 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Theoretically anyone at the right point can read all your SMS texts.
A great example being the police "stingray tower" system that masquerades as a cell tower that your phone will happily (and quietly) connect to.
Convince a phone that you're just another authorized relay, have a target in mind, and it's like reading postcards before they hit the mailbox.
This is also why it's an absolute joke for 2FA, but institutions like banks still happily use it because it's easy to understand.
Not only easy to understand but for a while it was the only way to do 2fa that was usable by lots of people. Smartphones aren't as ubiquitous as people think, even today.
SMS's fall from grace wasn't actually that it could be intercepted, it was the fact it started being used as an excuse to ask for a phone number and use that to track people.
Google still won't allow you to use any form of 2fa if you don't give them a phone number. Twitch/Amazon too. Facebook used to (until they got Whatsapp, now they don't need to ask.) LinkedIn used to (until they got broken into so many times it became a humongous liability).