Over 177 digital services are using SMS login links, creating a serious security vulnerability; users should be cautious before opening them.
Báo Khoa học và Đời sống•26/03/2026
Many services now allow login via SMS links, which is quick but carries significant risks. A report from security researchers, compiled by TechRadar and analyzing 33 million messages, reveals that at least 177 services are putting users at risk.
The problem lies in the system equating "owning the link" with "being the account owner," bypassing the additional verification step. Three common mistakes include: easily guessable authentication codes (tokens), excessively long validity periods, and unnecessary data retrieval when clicking links.
SMS messages are not end-to-end encrypted, making them vulnerable to interception, leakage, or exploitation through vulnerabilities such as SIM swapping. An attacker can access personal data simply by gaining control of a phone number or collecting old messages. Experts recommend using Method of Authentication (MFA) with an app that generates a code or physical security key instead of SMS linking.
Users should be vigilant, avoid clicking on suspicious links, and regularly delete old messages to reduce the risk of hacking. Readers are invited to watch the following video : Experts warn of serious vulnerability on iPhone, millions of devices at risk of attack.
Báo Khoa học và Đời sống•26/03/2026
Comment (0)