SMS is widely regarded as an insecure form of two-factor authentication, and another example of this has just emerged. A carrier looks to be injecting

Carrier caught injecting ‘SMS AD’ into Google verification code message [Update: Comment]

submited by
Style Pass
2021-07-01 13:00:04

SMS is widely regarded as an insecure form of two-factor authentication, and another example of this has just emerged. A carrier looks to be injecting ads into the Google verification code used to sign in to services like Gmail.

Google confirms that the “SMS AD” did not originate from its own advertising network. Meanwhile, it’s working with the wireless carrier in question to find out what occurred. Lacy has decided “not to state the carrier for privacy reasons,” and Google did not share that information either.

Original 6/28: Action Launcher developer Chris Lacy today tweeted how his Google verification code — which starts with “G-” — featured an “SMS AD.” The advertisement — for a VPN — includes a quick message and short URL.

For those that immediately suspect this is just a phishing attempt, the verification code is legitimate and was requested by Lacy to successfully verify a login attempt. Google Messages even flagged the link/message as spam.

Leave a Comment