Short Message Service Multi-Factor Authentication#Short Message Service is often used as an Authentication Factor in Multi-Factor Authentication
The pros and cons of SMS-based codes#
- SMS codes are convenient. There’s no fussing with downloading an app and going through set up for each account. It may be the only option if you don’t have a smartphone.
- SMS authentication can be a canary in the coal mine. If someone’s trying to break in to your account, the 2FA messages on your phone are warning that it’s time to investigate (and to change your password).
- A crook can hijack your SMSes with a SIM swap scam. If they can convince a mobile phone shop that they are you, they can get them to issue a replacement SIM encoded with your phone number. Your phone will go dead and theirs will start receiving your calls and messages, including 2FA codes.
- NIST has declared that the age of SMS-based 2FA is deprecated.
From 3GPP Releases 99 and 4 onwards, CAMEL Phase 3 introduced the ability for the Intelligent Network (IN) to control aspects of the Mobile Originated Short Message Service, while CAMEL Phase 4, as part of 3GPP Release 5 and onwards, provides the IN with the ability to control the Mobile Terminated service. CAMEL allows the gsmSCP to block the submission (MO) or delivery (MT) of Short Messages, route messages to destinations other than that specified by the user, and perform real-time billing for the use of the service. Prior to standardized CAMEL control of the Short Message Service, IN control relied on switch vendor specific extensions to the Intelligent Network Application Part (INAP) of SS7.SS7 hack) is a type of fraud that involves a criminal registering an existing number of a cellular company’s client on a new SIM card, that allows you to make and receive calls, SMSes, etc.). They usually do this in order to intercept notifications and One-Time password, that are sent to the Mobile Device
More Information#There might be more information for this subject on one of the following:
- Instant Messaging
- Mobile Application Part
- Mobile TAN
- SS7 hack
- Signalling System No. 7
- Subscriber Identification Module