#Voxox app review verification
Many messages included two-factor verification codes for Google accounts in Latin America Ī Mountain View, Calif.-based credit union, the First Tech Federal Credit Union, also sent a temporary banking password in plaintext to a Nebraska number
Several partners were sent their six-digit two-factor codes to log in to the company's extranet corporate network įidelity Investments also sent six-digit security codes to one Chicago Loop area code We found a password sent in plaintext to a Los Angeles phone number by dating app Badoo Weak 2FA is behind an epidemic of number-porting scams that are bootstrapped to steal your online accounts, your cryptocurrency, and your email.Īuthenticator apps are much more secure (which is not to say they are perfect - and security economics predicts that as they are used to defend more and more, they will be subject to ever-better-resourced attacks, so watch this space).Įach record was meticulously tagged and detailed, including the recipient's cell phone number, the message, the Voxox customer who sent the message and the shortcode they used.Īmong our findings from a cursory review of the data: It is not secure, and should not be used for two-factor authentication messages (2FA). Berlin-based security researcher Sébastien Kaul discovered that Voxox (formerly Telcentris) - a giant, San Diego-based SMS gateway company - had left millions of SMSes exposed on an Amazon cloud server, with an easily queried search front end that would allow attackers to watch as SMSes with one-time login codes streamed through the service.
0 kommentar(er)
