Chris Lacy, the developer of Action Launcher, has recently tweeted a screenshot of a 2FA message from an unidentfied Australian carrier. Based on the image, the message is a standard Google sign-in verfication code for the Google Messages app, but it included an ad for a VPN.
With that, the messaged has been flagged as a spam text and the carrier is being suspected of including ads on such text messages.
2FA SMS Message with Ads
According to the story by XDA-developers, this is possible due to SMS messages being unencrypted meaning they can be read by the users' carrier. By including ads into 2FA texts, it would ensure tnat the end-user will see them as they need to check the code to access any app they are logging into.
While the move was noted as a spammy move, this is actually still possible due to just how unprotected SMS really is.
Several Google employees have reached out to Lacy, saying that it definitely did not come from the internet giant, and that it could be the work of the carrier the developer is using.
Google Investigates the Issue
According to the Director of Product Management on Identity and User Security at Google, Mark Risher, these are not Google ads, and the company does not condone those types of practices.
It was also stated that Google is now working with the wireless carrier to clearly understand what is happening and ensure that it will not happen again.
Read also: hardware-based 2FA authentication
SIM Swap and 2FA popularity
Although SIM swap attacks are a real thing, they aren't really something that needs any worrying. The article noted that it is still quite impressive that the Google Messages app was still able to pick up the spam message despite being sent from another Google phone number.
Read also: popularity of 2FA
What Happens When You Lose Your Phone?
The 2FA works as an additional authentication wherein users will receive a specific code on their device that they have verified as their own. With the use of their username and password, they can log in but only enter their account once they provide the 2FA code sent to their device.
One problem, however, can arise when users lose their mobile devices and thus need to go through the process of proving they lost their device through other means of authentication. When this happens, an article by NordPass noted that users should contact their mobile provider and have their number transferred to a new SIM card. This process can take a while depending on the mobile provider.
Related Article: 'Samsung Pay' Feature Could be Included in Samsung Galaxy Z Flip 3 According to FCC Filing
This article is owned by Tech Times
Written by Urian B.
