a thief was able to try to break into my bank account and tried to transfer money out. My bank caught it but they said it happened by having a 2FA text message sent to a phone number on my account. But the phone number they said was compromised was one that is a landline, its an old phone number my family has that my parents put on the account when they opened it for me as a kid.
How can a landline get a text message? and even if it was possible to get a text to a landline phone, how would the thief access the code?
In: 1
Text messages or SMS originates from an era when GSM cellphone services were developed, but they actually originate from a digital landline service called ISDN. That is still active in some places.
That said, I have received HUNDREDS of text-to-speech-synthesised text messages to my landline number since a lot of my friends are too clueless to recognise my landline number.
The interesting question here is if the landline number is active, if it is it may have received text messages that a computer happily has read back to it.
If the service allows it, you should move away from SMS based 2FA and instead use an authenticator app. It’s been [deprecated by NIST](https://www.nist.gov/blogs/cybersecurity-insights/questionsand-buzz-surrounding-draft-nist-special-publication-800-63-3) since 2016 for exactly these kinds of reasons – it’s not particularly hard for the message to be intercepted.
What might be a possibility is something called sim-spoofing:
If an attacker is able to impersonate you, they might be able to convince your phone provider to change the phone line to a different one that they control. Since they now own the new phone to that number, they can receive the 2GA code and use it.
However this is only really common with mobile phones / sim cards, I haven’t heard of it being used for landlines yet. In the end it is much more likely to be someone with physical access to that landline phone
Latest Answers