506781—the two-factor authentication code needed to access my Dropbox account on November 15, 2015. I know because it’s still there in my SMS history, a permanent record of my accessing Dropbox from new devices. I have full iCloud history in much the same way—332486 was the code on October 4, 2014. I can see the same for Microsoft, Uber, Sony… You get the point.
As I’ve written before, SMS messaging is best avoided—it’s an archaic and unsecured platform with no place among the myriad end-to-end encrypted alternatives we can now use. If you want to message family, friends, colleagues, then skip SMS and use iMessage (blue bubbles only), WhatsApp, Signal, Telegram (albeit its encryption is more complex than the others). And while you may consider your private messages to be of little interest to others, you still seal envelopes despite trusting the postal services and
Given you’re reading this story, the chances are that you’re somewhat cyber aware. If I was to send you a file attachment in a text message—let’s say a Word or PDF document, you’re hopefully programmed to ask a whole set of questions before opening or saving that attachment to your phone. Do I know the sender? Was I expecting the file? But what if it was just a photo—something amusing or attention-grabbing to keep or share? You can view the image within the messaging app, you can see what you’re getting, surely there’s no harm in saving it to your photo album?
If only that was the case. The fact is that a malicious image has the same capacity to damage your device and steal your data as a malicious attachment. The only difference is that it’s a more sophisticated attack, which makes it rarer. We saw the latest