Penetration Testing mailing list archives
SMS Banking
From: "M.D.Mufambisi" <mufambisi () gmail com>
Date: Thu, 4 Feb 2010 18:20:22 +0200
Hi All, Im designing an SMS baking application but i need to research on the security risks involved first. Im thinking of subscribing mobile phone number along with a pin. eg Number 222-222-222 PIN 20029. So when the individual wants to enquire his balance, he sends a text messgae like Bal 20029 i.e. BAL PINNUMBER. The control here is that the sms and pin has to come from the subscribed number and only that number. I also want to be able to allow subscribers to tranfer funds to pre determined service providers such as utility companies etc. What are the risks around this application? How are such applications normally subverted? Are there any case studies someone can point me to? What are the various authentication methods as i appreciate mine can not be the best? Your help will be most appreciated. Munyaradzi ------------------------------------------------------------------------ This list is sponsored by: Information Assurance Certification Review Board Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. http://www.iacertification.org ------------------------------------------------------------------------
Current thread:
- SMS Banking M.D.Mufambisi (Feb 05)
- Re: SMS Banking Budi wibowo (Feb 05)
- Re: SMS Banking Doug Farre (Feb 05)
- RE: SMS Banking Thor (Hammer of God) (Feb 07)
- Message not available
- Re: SMS Banking Markus Matiaschek (Feb 07)
- RE: SMS Banking Craig S. Wright (Feb 07)
- Re: SMS Banking Markus Matiaschek (Feb 07)