A leaky database of SMS messages is a reminder that SMS is really, really insecure


#1

Originally published at: https://boingboing.net/2018/11/16/thanks-voxox.html


#2

How much of this is the fault of SMS, and how much is really the fault of Vovox for not securing their systems? Looks like this was garden-variety pwnage, and not caused by SMS being weak.


#3

Well, it does not help that SMS messages are sent (and logged) in plaintext.


#4

SMS is purely useful in sending a notification or confirmation…but private data should never be sent in it. That of course leads to the question “what is private data”.


#5

Unless you have real time access to the SMS feed, those two-factor codes are not going to be useful for an exploit.

I guess this is just as shocking learning that the sysadmin for your email provider could read your email.


#6

Sms should have been junked in the days where they dared to charge us 10 cents a message.

The various messenger services are far superior, and would completely obviate SMS if there was interoperability.


#7

I’m sorry, but did anyone ever think that SMS was a secure form of communication? I assume that anyone can read my SMS if they are so inclined, and I’m not a paranoid fuck.


#8

Especially when one is logging in from one’s phone. Where’s the second factor in that? Tab over to another app to copy the code, then tab back here to paste it. How does that add security?


#9

This topic was automatically closed after 5 days. New replies are no longer allowed.