According to Yahoo, one-time authentication codes (OTP) sent via SMS are still widely used as a second layer of protection in the two-factor authentication process, helping users log in to banking, email or social networking applications.
However, Yahoo warns that SMS is one of the weakest security methods because it is very vulnerable to phishing attacks.
A recent investigation by Bloomberg Businessweek and Lighthouse Reports revealed a bigger risk: these OTPs could be accessed by third parties. Specifically, little-known Swiss telecommunications company Fink Telecom Services had access to more than 1 million messages containing two-factor authentication codes in June 2023.
As an intermediary between the companies that generate authentication codes and the end users, Fink Telecom Services has the right to process and view the content of messages. What is worrying is that this company has been suspected of participating in user surveillance and interfering with personal accounts.
SMS is considered one of the weakest security methods because it can be accessed by third parties.
The leaked OTPs came from major companies such as Google, Meta, Amazon, Tinder, Snapchat, Binance, Signal, WhatsApp, and several European banks. The messages were sent to users in more than 100 countries.
According to Yahoo, the main reason why SMS two-factor authentication is not secure is because companies often outsource SMS sending at a lower cost, through large contracts with multiple carriers and a system of “global titles” - network addresses used to connect across countries. The weakness of this system is that the companies that hire them do not work directly with entities like Fink Telecom Services, but through layers of subcontractors, making it more complicated to ensure data security.
Mr. Pham Manh Cuong, founder of Wischain Company Limited, explained that the two-factor authentication method via SMS messages is no longer safe today because cyber attackers are increasingly sophisticated, easily taking advantage of vulnerabilities in the security system to gain access.
One of the most common forms of phishing attacks is where a seemingly reputable message, email, or website is used to trick users into providing sensitive information such as usernames, passwords, or OTP codes.
Not only that, SIM swapping is also a serious threat. Fraudsters can steal the victim's phone number, from which they receive authentication codes sent via SMS.
In addition, many users still have the habit of installing software of unknown origin, especially on Android devices, leading to spyware or keyloggers that can secretly record keyboard typing, thereby stealing access information.
While SMS authentication is still considered a certain layer of protection, compared to modern methods like Google Authenticator - an application that generates random authentication codes that change every 30 seconds and is independent of mobile networks - SMS is increasingly showing its weaknesses.
Source: https://nld.com.vn/xac-thuc-hai-yeu-to-qua-sms-rat-rui-ro-nen-dung-ung-dung-nao-196250621114624897.htm
![[Maritime News] Wan Hai Lines invests $150 million to buy 48,000 containers](https://vphoto.vietnam.vn/thumb/402x226/vietnam/resource/IMAGE/2025/6/20/c945a62aff624b4bb5c25e67e9bcc1cb)
![[Infographic] Party Committee of the Ministry of Culture, Sports and Tourism: Marks of the 2020 - 2025 term](https://vphoto.vietnam.vn/thumb/402x226/vietnam/resource/IMAGE/2025/6/22/058c9f95a9a54fcab13153cddc34435e)
Comment (0)