• axx@slrpnk.net
        link
        fedilink
        arrow-up
        8
        ·
        8 days ago

        Briefly: look into sim swapping, which is the most obvious, day to day risk.

        Then there’s SS7 and how inherently trusting the whole system is.

        Then depending on where you are, some mobile networks still have terrible link encryption (were talking so bad a normal laptop is enough these days to break it on the fly). Granted, this is rare these days, in part thanks to the efforts of Karsten Knohl, SRLabs and other security researchers who did a lot to shine a light on this and SS7

        Not sure how up to date it still is, but https://gsmmap.srlabs.de/ shows how unequal networks are.

        • Prathas@lemmy.zip
          link
          fedilink
          arrow-up
          1
          ·
          8 days ago

          This is becoming less of an issue as US Mobile has anti-SIM-hijacking protection; hopefully other carriers will follow suit. Of course, the carriers themselves can still read your msgs, but so can WhatsApp, probably (despite their claims to the contrary).

        • Hawke@lemmy.world
          link
          fedilink
          arrow-up
          2
          arrow-down
          6
          ·
          8 days ago

          That’s all sms though, not 2fa in general.

          All valid points and good information within that scope.

          • Appoxo@lemmy.dbzer0.com
            link
            fedilink
            arrow-up
            3
            arrow-down
            2
            ·
            8 days ago

            (…) and sms is an insecure system to begin with.

            citation needed on the second half

            That’s all sms though, not 2fa in general.

            Are you an LLM?

              • Appoxo@lemmy.dbzer0.com
                link
                fedilink
                arrow-up
                2
                ·
                edit-2
                7 days ago

                The edit icon is a bit not-obvious in Voyager…
                And I can’t view the original text.

                Edit: Speeling on a phone is hard (read: annyoing)

                • Prathas@lemmy.zip
                  link
                  fedilink
                  arrow-up
                  3
                  ·
                  8 days ago

                  I don’t think the original text before edits is viewable by anyone other than possibly instance admins.

                  • ToxicWaste@lemmy.cafe
                    link
                    fedilink
                    English
                    arrow-up
                    1
                    ·
                    7 days ago

                    there used to be the trick to click “view source” to do so. worked for anyone on any client a couple hours back in time.

                    but that was fixed long ago (years?)