SMS sign-in links, a popular alternative to traditional passwords, are leaving private accounts dangerously exposed due to inherent security weaknesses in unencrypted text messages. A recent technical review found that these links, used by at least 177 digital services, allow attackers to access sensitive user data without further verification, with further coverage provided by Tech Radar.The review analyzed over 33 million SMS messages and found that authentication systems often treat possession of an SMS-delivered URL as sufficient proof of identity. Researchers also identified that 125 services used weak tokens, making it possible to guess valid links.Some links remained active for months or even years, significantly extending the risk window. Mismatches between interface elements and backend requests also led to overfetching of personal information. The number of affected services is likely higher than identified due to limited visibility.Source: Tech Radar
Related Events
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds





