Today’s one great thing is a new video from one of my favorite Youtube channels, Veritasium.
In this video, you’ll see how surprisingly easy it is to hack someone’s mobile phone so that you can receive their calls and their SMS messages, without their knowledge, and without needing physical access to their device!
Having the ability to receive someone else’s SMS messages is particularly scary because it potentially compromises one of the most common backup methods used by two factor authentication mechanisms to protect your most valuable accounts.
In a world where government sponsored spyware can eavesdrop on mobile phones without requiring the user to do anything special, and terrorist attacks are being carried out by turning pagers into bombs, it’s worth spending some time figuring out how to minimize your exposure.
I don’t have a great answer but one practical take away for me: wherever possible, I’m going to use an authenticator app (or physical security key) as my two factor auth backup mechanism and reduce my reliance on SMS for that purpose.