this post was submitted on 20 Dec 2024

632 points (98.8% liked)

Technology

60029 readers

2881 users here now

This is a most excellent place for technology news and articles.

Our Rules

Follow the lemmy.world rules.
Only tech related content.
Be excellent to each another!
Mod approved content bots can post up to 10 articles per day.
Threads asking for personal tech support may be deleted.
Politics threads may be removed.
No memes allowed as posts, OK to post as comments.
Only approved bots from the list below, to ask if your bot can be added please contact us.
Check for duplicates before posting, duplicates may be removed

Approved Bots

founded 2 years ago

MODERATORS

[email protected]

632

Feds Warn SMS Authentication Is Unsafe After ‘Worst Hack in Our Nation’s History’ (gizmodo.com)

submitted 2 days ago by [email protected] to c/[email protected]

141 comments fedilink hide all child comments

(page 2) 50 comments

sorted by: hot top controversial new old

[–] [email protected] 67 points 1 day ago (1 children)

Oh man it sure would be nice if the feds had the power to regulate something like this /s

[–] [email protected] 55 points 1 day ago (8 children)

They did. That's the reason for this hack, they wanted Lawful Interception, they got their backdoor. It's what professionals and privacy advocates said all along, if it exists it will be abused.

[–] [email protected] 9 points 1 day ago* (last edited 1 day ago)

This isn’t a hack in the way you’re thinking of, nor is it a product of government mandated interception, or a back door. The salt typhoon event you’re referring to is nothing more than the tip of the iceberg of a much bigger problem, which is abuse of the dated SS7 system we’ve known about for decades.

load more comments (7 replies)

[–] [email protected] 16 points 1 day ago

Hollywood hacking has nothing on real hacking it seems.

[–] [email protected] 26 points 1 day ago (2 children)

of course it is. forced 2fa BY SMS OF ALL THINGS is one of the stupidest ideas

[–] [email protected] 14 points 1 day ago (1 children)

I assume businesses only jumped at the chance to enable SMS 2FA to get their greedy little fingers on our phone numbers.

load more comments (1 replies)

[–] sugar_in_your_tea 10 points 1 day ago

Even stupider is supporting hardware keys for MFA, but having SMS fallback which can't be disabled (looking at you, Vanguard). I'd much rather have email as my second factor than SMS, and I literally abandoned a bank (Ally) for removing email as an alternative to SMS.

[–] [email protected] 107 points 2 days ago (1 children)

[–] [email protected] 13 points 1 day ago (2 children)

Why the hell is this in 4K HDR?

[–] [email protected] 13 points 1 day ago

Only the best for the worst hack in history.

load more comments (1 replies)

[–] [email protected] 66 points 2 days ago (1 children)

Been saying that for years. It's about damn time.

[–] [email protected] 17 points 1 day ago (6 children)

SMS spoofing and SIM swapping have been around for ages. It was never secure and that's always been known. The number of companies that rely on it despite sending me a zillion other fucking useless emails is too damn high! Email, or better yet, an authenticator app, are far more secure. Not perfect, but better.

[–] [email protected] 1 points 1 day ago (3 children)

Wait, how is email more secure than SMS?

load more comments (3 replies)

load more comments (5 replies)

[–] [email protected] 5 points 1 day ago (2 children)

I'm new to technology, is this good?

load more comments (2 replies)

[–] [email protected] 37 points 2 days ago (3 children)

in other news grass is green

load more comments (3 replies)

[–] [email protected] 28 points 2 days ago* (last edited 2 days ago)

Thank god, give me my HMAC hash please.

Nothing more terrifying than losing your phone number these days because of all the accounts tied to it via 2FA.

[–] Imgonnatrythis 30 points 2 days ago (1 children)

Didn't this happen quite awhile ago? I don't see anything new in this article

[–] [email protected] 52 points 2 days ago (1 children)

The novelty is the fact that it's ongoing. They haven't mitigated the hack. The threat actors are still inside the networks, which is why the government is telling people to switch to E2EE apps.

load more comments (1 replies)

load more comments