Let's take an example of PayPal for this. Assume you got a PayPal account, and want to sign in. After entering your password, you receive an OTP for login on your device. You enter the code and get the access. (method) Now, I'm a blackie and I want your riches luring in your wallet. I do know your password, but I want to bypass the OTP checkpoint. I wish to intercept it off your phone and grab it. Here's what I can try: Interception. If I use WireShark for sniffing your traffic, I'll get encrypted UDP packets sent to the PayPal server but will not get the SMS packets as it isn't connected to your network. Earlier, SS7 attacks allowed infiltrated hackers to even sniff SMPP (Simple Message Peer-to-Peer protocol) packets with SMS text in plain, but later got patched in modern OS releases. Sad. SMS Forwarding. Sometimes, we unnoticeably press “Ok” to pop-ups on our screen when we're operating something. This can be dangerous, as I can send a SMS-forwarding request t...
👍👍
ReplyDelete