As it turns out, this security feature may not be all that secure.
Apple and Android users can now send 2 emails via text after government officials say a massive communications breach could expose unencrypted messages to malicious attackers. You are being asked to stop receiving factor authentication codes.
Earlier this month, the FBI warned smartphone users to download encrypted services like Signal and WhatsApp after bad actors believed to be from China hacked AT&T, T-Mobile, Verizon and five other networks to spy on customers. We asked them to use our messaging platform.
On Wednesday, the Cybersecurity and Infrastructure Security Agency (CISA) announced: new memo It outlined best practices for mobile communications in the wake of network hacks and advised people to stop using SMS as a second factor to authenticate online accounts.
“SMS messages are not encrypted, so an attacker who has access to a communications provider's network and intercepts these messages can read them,” CISA declared.
Receiving codes via SMS is “not phishing-proof,” meaning it is not a secure verification method for high-profile targets.
Instead, authorities encouraged the use of authenticator apps (although authenticator apps are still at risk of breaches). FIDO authentication Passkeys are considered the most secure verification method.
While some online services may not have another option for two-factor authentication, authorities urged users to use alternative methods where possible to minimize the risk of hacking. It also recommended using a password manager, using strong passwords, setting a PIN where possible, and keeping personal devices up to date.
The advisory follows news earlier this month of a network breach known as Salt Typhoon, which experts said was “ongoing and potentially larger than previously understood.” I guess it's high.
Authorities could not confidently declare that malicious actors had been successfully eradicated from the network.
“We cannot say with certainty that the adversary has been eliminated,” said Jeff Green, executive assistant director for cybersecurity at the Cybersecurity and Infrastructure Security Agency (CSIA). politiko.
“We're tracking them…but we can't confidently say we know everything, and neither can our partners.”
