Source URL: https://tech.slashdot.org/story/24/12/19/2132228/feds-warn-sms-authentication-is-unsafe?utm_source=rss1.0mainlinkanon&utm_medium=feed
Source: Slashdot
Title: Feds Warn SMS Authentication Is Unsafe
**Summary:** The text discusses a serious security breach in U.S. telecommunications by hackers associated with the Chinese government, allowing them to intercept unencrypted communications. The Cybersecurity and Infrastructure Security Agency (CISA) has issued warnings against using SMS for authentication due to its vulnerability. This incident highlights significant implications for the security of sensitive communications, particularly for high-value targets.
**Detailed Description:**
The text outlines a critical cybersecurity incident known as “Salt Typhoon,” attributed to Chinese government-aligned hackers, which has severely compromised U.S. telecommunications infrastructure. Here are the major points of significance:
- **Extent of Breach:** Hackers have penetrated telecom infrastructure deeply enough to intercept unencrypted communications, including phone calls and text messages.
- **Expert Commentary:** The breach has been labeled as potentially the “worst hack in our nation’s history” by a U.S. Senator, underscoring its severity.
- **CISA Guidance:**
  - CISA has released best practices specifically for “highly targeted individuals,” emphasizing the need for improved security measures.
  - A key warning in their guidance is against using SMS for multi-factor authentication (MFA), citing its unencrypted nature as a major risk.
  - CISA suggests alternatives that are more secure, such as using passkeys or authenticator apps, particularly for high-value accounts and individuals.
- **Implications for Security Practices:**
  - The incident serves as a stark reminder of the risks associated with traditional communication methods in an era where state-sponsored cyber activities are increasingly sophisticated.
  - It also promotes the adoption of stronger authentication methods and greater scrutiny of how sensitive communications are managed and protected.
This report emphasizes the necessity for security professionals to reassess existing infrastructure security measures, particularly concerning the usage of SMS in sensitive actions like authentication, and to advocate for transitioning toward more secure methodologies in an evolving threat landscape.