Penetration Testing mailing list archives
Re: SMS Banking
From: Markus Matiaschek <mmatiaschek () gmail com>
Date: Fri, 5 Feb 2010 16:08:09 -0600
Hi, I'd just like to make some comments, i didn't think about a solution for your problem. First of all i think that my Budi wibowo got something wrong regarding who is sending the PIN. Second, GSM is cracked: http://reflextor.com/trac/a51 and can be intercepted and decrypted. You should take this into account. Third i think the only farely safe way to make money transfers is with transaction numbers, TANs. German banks send mobileTANs to preregistered cell phone numbers to allow a transaction (through online banking though). A "three-way-handshake" with a mTAN should pretty much prevent transactions through spoofed numbers. regards, Markus Matiaschek Absolute IT Consulting S.A. San José, Costa Rica ------------------------------------------------------------------------ This list is sponsored by: Information Assurance Certification Review Board Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. http://www.iacertification.org ------------------------------------------------------------------------
Current thread:
- SMS Banking M.D.Mufambisi (Feb 05)
- Re: SMS Banking Budi wibowo (Feb 05)
- Re: SMS Banking Doug Farre (Feb 05)
- RE: SMS Banking Thor (Hammer of God) (Feb 07)
- Message not available
- Re: SMS Banking Markus Matiaschek (Feb 07)
- RE: SMS Banking Craig S. Wright (Feb 07)
- Re: SMS Banking Markus Matiaschek (Feb 07)