
bucolic_frolic

(47,531 posts)
Fri Dec 20, 2024, 06:24 AM

Feds Warn SMS Authentication Is Unsafe After 'Worst Hack in Our Nation's History'

This discussion thread was locked as off-topic by Lasher (a host of The DU Lounge forum).

Note: I don't know how to categorize the authentication methods I use. Do I use an app? I don't know. I log in, they text a code. I think that's the risk they're talking about.
_______________

Feds Warn SMS Authentication Is Unsafe After ‘Worst Hack in Our Nation’s History’

https://gizmodo.com/feds-warn-sms-authentication-is-unsafe-after-worst-hack-in-our-nations-history-2000541129

Do you use text messages for multi-factor authentication? You should probably switch to a different method, especially with everything we’re learning about a recent hack that’s been dubbed the “worst in our nation’s history.” Even the federal government is putting out warnings now, including a call for government officials to only use encrypted apps for communication.

Hackers aligned with the Chinese government have infiltrated U.S. telecommunications infrastructure so deeply that it allowed the interception of unencrypted communications on a number of people, according to reports that first emerged in October. The operation, dubbed Salt Typhoon, apparently allowed hackers to listen to phone calls and nab text messages, and the penetration has been so extensive they haven’t even been booted from the telecom networks yet.

The Cybersecurity and Infrastructure Security Agency (CISA) issued guidance this week on best practices for protecting “highly targeted individuals,” which includes a new warning about text messages.

“Do not use SMS as a second factor for authentication. SMS messages are not encrypted—a threat actor with access to a telecommunication provider’s network who intercepts these messages can read them. SMS MFA is not phishing-resistant and is therefore not strong authentication for accounts of highly targeted individuals,” the guidance, which has been posted online, reads.

_______ More More MORE at the link


OldBaldy1701E

(6,569 posts)
1. Bring it.
Fri Dec 20, 2024, 07:48 AM

I have nothing and I am nothing. If the Chinese want to spy on me, feel free. They want to steal my identity? Go for it, big guy! Then the harassment calls can start going to you! Not to mention what would happen to their 'credit rating'!

intheflow

(29,047 posts)
2. Two factor authentication is bullshit anyway.
Fri Dec 20, 2024, 08:03 AM

Like, just because I’m trying to access my email from my sister’s computer I’m locked out awaiting two factor authentication, which they want to send to my phone even though I have correctly entered my password. However, my phone is dead or left at home, so I can’t get in my email. The other authentication option offered is to send an email - to another account that I’ll be locked out of. I’m a public librarian and this scenario plays out almost daily with patrons. 😡

LearnedHand

(4,221 posts)
4. It's totally not bullshit
Fri Dec 20, 2024, 08:23 AM

It might be a bit of a pain for users but it's absolutely strong protection for you and your accounts.

intheflow

(29,047 posts)
7. It's a PITA.
Fri Dec 20, 2024, 09:23 AM

Last edited Fri Dec 20, 2024, 10:16 AM

It assumes a level of access to tech and tech competencies that many people don’t have. If you need to access email to get, say, a copy of your birth certificate, but you set up your account 5 years ago and haven’t touched it since, and the phone number you gave isn’t even your phone number anymore, it's more than useless. It’s a major impediment for a lot of people needing to access urgent information. It’s classist. This is my near-daily firsthand experience. YMMV.

LearnedHand

(4,221 posts)
3. Here's how to understand the warning
Fri Dec 20, 2024, 08:22 AM

iPhone to iPhone is encrypted (safe)

Android to Android is encrypted if the texting app on both devices uses the RCS protocol

Cross-platform texting via native apps is unencrypted and thus unsafe

The FBI recommends encrypted third-party apps for cross-platform texting. This includes Signal, WhatsApp, and (I think) Facebook Messenger.

Midnight Writer

(23,109 posts)
5. These days I'm not feeling so much like an ignorant Luddite for not using a smartphone.
Fri Dec 20, 2024, 08:24 AM

Landlines rule!

LiberalArkie

(16,646 posts)
6. And the EU is wanting Apple to open up all of its iOS to all developers. This I presume would include
Fri Dec 20, 2024, 08:33 AM

the "keys to the kingdom". The crypto keys that prevent this in their own apps.

SMS is not encrypted because every device and developer needs access to it, so even if it was encrypted everyone would have to have the keys to decrypt the messages as it is an open platform.

catbyte

(35,957 posts)
8. Well, if somebody else rates my GrubHub order, I'll know I've been hacked.
Fri Dec 20, 2024, 10:42 AM

They'd be bored stiff with my texts but have at it.

I don't use text messages to authenticate anything important.

Lasher

(28,433 posts)
9. Locking.
Fri Dec 20, 2024, 11:36 AM

We believe this OP is better suited to the GD Forum. Please repost it there.
