Microsoft advises ditching voice, SMS multi-factor authentication

Microsoft wants users to opt for more secure technologies, citing SMS and voice multi-factor authentication (MFA) as the “least secure” methods available today.


Microsoft’s identity security director, Alex Weinert, wrote in a blog post that the time has come to ditch SMS and voice multi-factor authentication (MFA) tools in favor of modern technology.


Weinert explained that telephone networks have poor security, which is why such authentication tools are useless: voice calls and SMS can be intercepted easily. Since these are transmitted in clear text, it is also possible to exploit SMS codes through SIM swapping to perform phishing attacks.



“These mechanisms are based on publicly switched telephone networks (PSTN), and I believe they’re the least secure of the MFA methods available today. That gap will only widen as MFA adoption increases attackers’ interest in breaking these methods and purpose-built authenticators extend their security and usability advantages,” explained Weinert.


Hackers can also intercept unencrypted voice and SMS MFA by deploying an SS7 intercept service or a software-defined radio to access calls or messages before the user receives them.


It is worth noting that in 2016, researchers also demonstrated how a Signaling System Number 7 (SS7) vulnerability can be exploited to hack a Facebook account by just knowing the phone number associated with it.


Most of the PSTN systems are supported by customer service agents, who are vulnerable ..
