Millions of people imperiled through sign-in links sent by SMS

“We argue that these attacks are straightforward to test, verify, and execute at scale,” the researchers, from the universities of New Mexico, Arizona, Louisiana, and the firm Circle, wrote. “The threat model can be realized using consumer-grade hardware and only basic to intermediate Web security knowledge.”

SMS messages are sent unencrypted. In past years, researchers have unearthed public databases of previously sent texts that contained authentication links and private details, including people’s names and addresses. One such discovery, from 2019, included millions of stored text messages sent and received over the years between a single business and its customers. It included usernames and passwords, university finance applications, and marketing

→ Continue reading at Ars Technica
