Overview

• Whistleblower data show around one million two-factor authentication texts from major tech platforms passed through Fink Telecom Services in June 2023.
• Fink Telecom, tied to intelligence and surveillance contractors, used global titles across Namibia, Chechnya, the UK and Switzerland to route unencrypted messages.
• Lack of SMS encryption leaves two-factor codes vulnerable to interception by network providers or third-party handlers.
• Google is phasing out SMS authentication in favor of QR codes and security agencies such as the FBI have warned against text-based methods.
• Experts recommend authenticator apps or passkeys for stronger protection, and regulators including Ofcom have moved to ban insecure routing practices.