Authentication Using Mobile Phone

Questions and Answers

What is a key requirement for receiving an authentication code via message?

Having mobile coverage to receive SMS (correct)

Having a specific mobile phone model

Having a specific mobile app

Having a specific operating system

What is a potential risk if a user's mobile phone is lost or stolen?

The user will lose access to their account (correct)

The user's account will be automatically locked

The user will receive additional authentication codes

The user's phone will be automatically wiped

What is an attack method that could be used to intercept authentication messages?

Phishing attack

Denial-of-Service attack

Attack on SS7 signaling protocol (correct)

Man-in-the-middle attack

What is another type of attack that could be used to gain access to a user's account?

SIM swap attack

What is a common use case for authentication using a mobile phone?

Banking and government service access

Study Notes

Authentication Using a Mobile Phone

• Authentication code is sent via SMS, a simple authentication approach used for sensitive access, such as banking and government services.
• No additional app installation is required on the phone.

Disadvantages of SMS-based Authentication

• Requires mobile coverage to receive the SMS, which may not always be available.

Risks of SMS-based Authentication

• Loss of access or unauthorized access if the mobile phone is lost or stolen.
• Attackers can gain unauthorized access through SIM swap attacks.
• Attackers can intercept messages using a fake mobile tower or by exploiting the SS7 signaling protocol.

Description

Learn about the authentication method that uses a code sent via SMS, its advantages and disadvantages, and potential security threats.