Smishmash - Text Based 2fa Spoofing Using OSINT, Phishing Techniques and a Burner Phone
Learn how to exploit vulnerabilities in text-based 2FA solutions using OSINT, phishing techniques, and a burner phone, and discover the common tactics and tools used to bypass 2FA security measures.
- 2FA solutions are mostly text-based, making them vulnerable to spoofing attacks.
- Text messaging is not secure, as it’s not designed to be used for authentication.
- SMS-based 2FA is often easily bypassed, as many users reuse their phone numbers for online accounts.
- One in five email addresses can be tied to a valid phone number.
- SMS injection attacks are common, where an attacker initiates an SMS transfer and then sends a fake 2FA code to the victim.
- Man-in-the-middle attacks can be used to intercept and manipulate 2FA codes.
- Bugs in 2FA implementations can also be exploited to bypass security.
- Phishing attacks are often used in conjunction with SMS spoofing attacks.
- Using non-standard HTTP requests can allow attacks to bypass CORS security measures.
- Some banks and services use SMS-based 2FA, which can be easily bypassed.
- Account recovery processes are often vulnerable to attacks.
- A burner phone can be used to carry out SMS spoofing attacks.
- reCAPTCHA can be bypassed using CORS and other techniques.
- An old phone or apical phone can be used to carry out SMS spoofing attacks.
- SMS-based 2FA can be bypassed using a man-in-the-middle attack.
- Some sites may use SMS-based 2FA to authenticate users.
- Using 3G or 2G networks can make it easier to carry out SMS spoofing attacks.
- SMS spoofing attacks are not new and have been used in various forms for years.