SMS for Two-Factor Authentication is a problem
Text Message database found on an unprotected server
Recent information revealed that a massive database containing information on millions of text messages was reportedly discovered unsecured, exposing sensitive information such as password resets and two-factor security codes as reported by TechCrunch.
The unsecured server was discovered on Shodan, which is a search engine for publicly available (unsecured) devices and databases, the database appeared to contain more than 26 million text messages, each containing the message and tagged with the recipient’s cell phone number.
A text-message gateway biz called Voxox reportedly left vital systems open on the internet, allowing anyone to inspect it in real time and glean sensitive information being sent out to the intended recipients.
“The data store, which at one point had 26 million messages in it, and by all indications has since been hidden from public view”
Voxox is used by companies to send SMS messages to their users, this includes messages containing password reset and two-factor authentication (2FA) codes. Germany-based infosec bod Sébastien Kaul found the leaky systems via a Shodan.io search, and the Amazon-hosted database of messages searchable for goodies, TechCrunch reports.
The data store, which at one point had 26 million messages in it, and by all indications has since been hidden from public view.
Like the current format of choice, H.265 HEVC standard, the new H.266/VVC variant will be subject to a license fee for manufacturers, so we’ll have to see how widely it’s adopted once released. The companies behind the standard are working on chip designs for devices, such as phones, and Fraunhofer HHI is set to publish the first software (for both encoder and decoder) to support H.266/VVC this autumn.
Share this post
What we Do
We are committed to the growth of our clients’ businesses, and with an expert team of highly experienced specialists, we get tasks completed quickly and with laser-focused precision.
Subscribe for our news articles to stay updated
Business Decency. What are the necessary criteria for being a decent person? Or, how to be fair and kind? Will anyone listen, or even feign attention? Decency in the age of covid. A critique on predatory business practices that offer short term gains but damages the business ecosystem later.