From the course: Threat Modeling: Spoofing In Depth


Attacking phone authentication

- Using text messages to improve authentication is one of those things that makes me mad. There are good reasons to get rid of SMS authentication, a technology that's only ever adopted by a few percent of customers or users. Text messages are easily attacked, and the many ways that they can be attacked make for a great exercise. Consider all the ways that a one-time token, or OTT, can be disclosed. And while this is a course on spoofing, sometimes information disclosure is an important step toward spoofing, as is tampering, or even intermediate levels of spoofing. As an aside, many of these attacks have a nasty side effect, which is they make the real owner of the phone unreachable for some period of time. I have a friend whose daughter has medical issues. It's critical for the school to be able to contact her parents. My friend is aghast at the idea of her phone being collateral damage because of how she authenticates at work. If a service you're using presents text messages as…
