Wednesday, April 22, 2009

SMS as Two Factor Authentication Spoofable?

Speculation as to why there is an apparent rush to buy a certain model of an old Nokia cell phone.
"The 1100 can apparently be reprogrammed to use someone else's phone number, which would also let the device receive text messages. That capability opens up an opportunity for online banking fraud."
If true, then an SMS to a cell phone would no longer be reliable for two-factor authentication. Impersonate a person's phone long enough to log into their bank account? That'd be amusing.

1 comment:

  1. I remember that a long time ago, cellphone cloning was possible, or at least rumored to be, but that "modern" phones wouldn't do it.

    I wonder what it is about that phone which makes it possible? Maybe something akin to the Twilight hack for Wii or whatever program it was that didn't encrypt the method of decoding DVDs?