this post was submitted on 24 Feb 2024
        
      
      729 points (98.3% liked)
      Technology
    76362 readers
  
      
      1418 users here now
      This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related news or articles.
- Be excellent to each other!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
- Check for duplicates before posting, duplicates may be removed
- Accounts 7 days and younger will have their posts automatically removed.
Approved Bots
        founded 2 years ago
      
      MODERATORS
      
    you are viewing a single comment's thread
view the rest of the comments
    view the rest of the comments
Sms is not encrypted, your service provider can read all your texts.
Theoretically anyone at the right point can read all your SMS texts.
A great example being the police "stingray tower" system that masquerades as a cell tower that your phone will happily (and quietly) connect to.
Convince a phone that you're just another authorized relay, have a target in mind, and it's like reading postcards before they hit the mailbox.
This is also why it's an absolute joke for 2FA, but institutions like banks still happily use it because it's easy to understand.
Not only easy to understand but for a while it was the only way to do 2fa that was usable by lots of people. Smartphones aren't as ubiquitous as people think, even today.
SMS's fall from grace wasn't actually that it could be intercepted, it was the fact it started being used as an excuse to ask for a phone number and use that to track people.
Google still won't allow you to use any form of 2fa if you don't give them a phone number. Twitch/Amazon too. Facebook used to (until they got Whatsapp, now they don't need to ask.) LinkedIn used to (until they got broken into so many times it became a humongous liability).