Skip to main content

Yet but another nail in SMS's coffin

(0 comments)

We have a number of issues with using SMS for authentication - insecurity of the carriers being a big one.  At the end of the day, you have to use cryptography and use it well.

The latest is "Operation Emmental" attacking Swiss banking accounts.  It goes like this:

1. Users is phished etc and installs PC malware.

2.  Malware alters the PC's DNS to point to a rogue DNS server and installs a fake root cert so no SSL errors occur.

3.  The fake bank site tells the users to install an app, which steals their SMS messages and forwards them to the crook.

I note that the Trend Micro report includes no reference to any loss by any banking customer.  Maybe it's because of their work, maybe it's because the more sophisticated an attack needs to be, the less likely it is to work.  I'm real curious about how many customers were duped by this.  All in all, I bet it's not a big deal.

 

Currently unrated

Comments

There are currently no comments

New Comment

required

required (not published)

optional

Recent Posts

Archive

2019
2018
2017
2016
2015
2014
2013
2012
2011
2010
2009
2008

Categories

Tags

Authors

Feeds

RSS / Atom