In reality, this new warning from Microsoft presents all the reasons we should be moving away from SMS for any of our communications. “When SMS and voice protocols were developed,” Weinert explains, “they were designed without encryption. From a practical usability perspective, we can’t overlay encryption onto these protocols because users would be unable to read them (there are other reasons too, like message bloat, which have prevented these from taking hold over the existing protocols). What this means is that signals can be intercepted by anyone who can get access to the switching network or within the radio range of a device.”
Simpler attacks focus on SIM-swapping, where networks are tricked into issuing duplicate SIM cards or phishing sites that entice users into entering their credentials—which are then entered behind the scenes into the real site—and then the MFA code when it’s received. The simplest attacks dupe users into forwarding the codes they receive to others.
Read the full article at Forbes