There are countless ways to carry out a cyber attack, but for the vast majority the key is deception – typically involving identity deception in which the attacker poses as a trusted party to the intended victim.
With cyber criminals constantly on the prowl to capture passwords and other credentials, two-factor authentication (2FA) has become one of the most widely accepted backup verifications for many services and companies. While various 2FA methods are available, the humble SMS text message has emerged as a favourite as it is incredibly ubiquitous and easy to understand.
Nevertheless, SMS also contains a number of inherent flaws as a security verification method. The first problem is that 2FA doesn’t actually verify the user’s identity, only that they have access. This means that anyone with direct access to the device can pass through 2FA security measures as they can send themselves the code.