However, by intercepting a voice or text message using equipment that, according to the German newspaper, sells for around 1,000 euros, hackers can use the captured code to gain full access to a bank account and transfer money to any other account at their own discretion.
are not being patched by anyone, perhaps because of their perceived low risk to users compared to the high cost and difficulty of fixing them.
This is not tolerable, as any application of text-based two-factor authentication could be at risk today, such as social media accounts, banking logins, or email accounts.
“Anyone’s accounts protected by text-based sweden whatsapp data authentication, including bank accounts, are at potential risk until the FDC and the telecom industry fix the devastating SS7 security flaw,” said Republican U.S. Congressman Ted Lieu, one of the few members of Congress with a computer science degree and the one who allowed hackers to tap his phone on CBS’s “60 Minutes” in 2015.
"Both FDC and the telecom industry know that hackers can intercept our text messages and phone calls with just a cell phone number," he added, urging Congress to hold immediate hearings on the issue.
Last year, the National Institute of Standards and Technology (NIST) said it was discouraging (though not completely rejecting) its previous recommendation to use text message-based authentication because it was found to be less secure than other forms of two-step verification, such as apps like Google Authenticator and Authy, which use end-to-end encryption to send one-time codes.