One ma jor issue of SMS OTPs is that authentication service providers blindly rely on security provided by the mobile network operator (MNO). However as described in Section 3.1, numerous vulnerabilities in cellular network technolo- gies suggest that it is possible to intercept cellular network traffic (in case of GSM). In addition, in some countries such as India, cellular network traffic is not encrypted by default. Furthermore, mobile network operators disable wire- less encryption of SMS and call traffic.