Mobile phone security's been busted for years, and now 2-factor auth is busted too
by Cory Doctorow from on (#2NB81)
The SS7 vulnerability has long been understood and publicized: anyone who spends $1000 or so for a mobile data roaming license can use the SS7 protocol to tell your phone company that your phone just showed up on their network and hijack all the traffic destined for your phone, including those handy SMSes used to verify sketchy attempts to log into your bank account and steal all your money. (more")