The existing mobile communications infrastructure is outdated in terms of security. A lot has been written on Habr about SMS interception and mobile hacking. Intercepting incoming SMS is not difficult: it can be done at a considerable distance from the victim, even if the user never lets the phone out of their hands.
The problem is that many people use their phone number as their main “digital passport”. This video from Positive Technologies demonstrates how easy it is to hack a bitcoin wallet by intercepting “texts.”
Every network today is at risk of hacking because of IMSI catchers, improperly configured hardware, and SS7 architectural flaws. None of these obvious and potential vulnerabilities can be fixed today. Telecom operators should probably perform regular network checks, properly configure equipment, and continuously monitor traffic, but users have no control over these activities.
SMS was never designed to be secure. There are some concrete steps you can take to stop relying on it. For example, install the Authy app for two-factor authentication. The app can also back up your database, encrypt your data and store the backup in the cloud, and sync across multiple devices.
For now it is difficult to abandon SMS completely for delivering secret codes for login, password recovery, and similar tasks, because it is a fairly simple and accessible “transport” for users. But the transition to push notifications and offline code generators is gaining momentum.