Call or SMS based authentication is still not the best choice

Call or SMS based authentication is still not the best choice

By ircrp | ircrp | 20 Oct 2020



With majority of the telecommunication companies running on crappy old hardware which for years has been deemed too costly to upgrade, the opportunity for attackers exploiting the legacy telecoms protocols increases. For instance in September of 2020 at least twenty Israeli individuals highly involved in Cryptocurrency projects have been allegedly targeted in SS7 telecoms exploit targeting their telecommunications provider formerly known as Orange Israel. 

  • With legacy protocols developed back in 1975 like Signalling System No 7 (SS7) the majority of telecoms industry remains well outdated in terms of its security.
  • Although most of us have some level of awareness that our SMS or even calls may be snooped on, we perhaps are still too naive that those can be still used effectively for security purposes.
  • To make things worse some of the services we use are perhaps at the forefront of the naivety with offering those as the only security measures upon us, with the infosec community widely stating in the past years that practices such as sending verification codes through SMS should be deemed as insecure.
  • Although attacks on SS7 are not easy to pull off and require a high degree of knowledge, preparation and investment prior to exploitation of the telecoms protocol it effectively allows to gain control over the victim's incoming Voicemails and SMS.
  • Some of the current recommendations include choosing Hardware or Software based authentication methods (such as Google Authenticator) over the SMS or call based authentication.


Related Reading
Ongoing crypto free earn campaigns:


Ongoing crypto non-free earn campaigns:



Crypto & Security

Send a $0.01 microtip in crypto to the author, and earn yourself as you read!

20% to author / 80% to me.
We pay the tips from our rewards pool.