Timeline for Why is SMS used as a way of verifying a user's mobile, when it is not even encrypted in transit?
Current License: CC BY-SA 4.0
25 events
| when toggle format | what | by | license | comment | |
|---|---|---|---|---|---|
| Aug 2, 2021 at 23:15 | answer | added | claudiuf | timeline score: 4 | |
| Jul 21, 2021 at 9:28 | answer | added | MrCranky | timeline score: 2 | |
| Jul 9, 2021 at 14:22 | comment | added | user3067860 | @MohamedWaleed abcnews.go.com/Technology/wireStory/… This ...person... sent himself spoofed threatening text messages and then used that to get a restraining order and ultimately get his ex arrested and jailed (twice). I believe he eventually was caught because he sent a spoofed message while she was in jail. (And of course at the same time there are many people who really are being sent threatening text messages and need immediate police response to protect them, so everyone does have to take that seriously.) | |
| S Jul 9, 2021 at 11:47 | history | suggested | psmears | CC BY-SA 4.0 | Improve wording and grammar |
| Jul 9, 2021 at 10:23 | review | Suggested edits | |||
| S Jul 9, 2021 at 11:47 | |||||
| Jul 9, 2021 at 4:56 | comment | added | Martin Argerami | @MohamedWaleed: it's no different than sending a letter and signing like someone else. It has been doable for millennia. The tricky part is to intercept the reply. | |
| Jul 8, 2021 at 22:47 | comment | added | Mohammed Rady | @JoryGeerts isn't it weird that you can impersonate anyone by this ? | |
| Jul 8, 2021 at 7:50 | comment | added | Jory Geerts | @MohamedWaleed Pretty much any SMS gateway provider (which is what for instance governments use to actually deliver the messages) allow you to set any number you want as the sender (including setting letters instead of digits). It isn't something you can do from your phone, but and API key (from a free trial that most providers offer) and maybe 10 lines of code and you're good to go. | |
| Jul 7, 2021 at 22:31 | comment | added | Mohammed Rady | @JoryGeerts how is it easy to send a sms from any number ? | |
| Jul 7, 2021 at 12:44 | comment | added | Jory Geerts | @MooingDuck Yes sending to any number you want is easy. Sending from any number is also easy. But both of those are irrelevant here. What matters here is being able to receive messages that are meant for any number. This isn't trivial afaik. | |
| Jul 7, 2021 at 11:17 | review | Suggested edits | |||
| Jul 7, 2021 at 11:18 | |||||
| Jul 7, 2021 at 11:09 | comment | added | sleske | Related: How hard is it to intercept SMS (two-factor authentication)? | |
| Jul 7, 2021 at 8:55 | answer | added | Chris H | timeline score: 29 | |
| Jul 7, 2021 at 0:09 | comment | added | Mooing Duck | I work on an SMS app. Sending an SMS from any arbitrary number is outright trivial. There is nothing more insecure than SMS. | |
| Jul 6, 2021 at 22:26 | answer | added | Alexander The 1st | timeline score: 13 | |
| Jul 6, 2021 at 21:17 | history | edited | schroeder♦ | edited tags | |
| Jul 6, 2021 at 21:15 | answer | added | fraxinus | timeline score: 53 | |
| Jul 6, 2021 at 21:00 | history | tweeted | twitter.com/StackSecurity/status/1412516727632629760 | ||
| Jul 6, 2021 at 19:00 | history | became hot network question | |||
| Jul 6, 2021 at 12:52 | comment | added | elsadek | SMS is built-in feature on mobile phones, you don't have to install it and you can not uninstall it intentionally or accidentally . As @user10489 mentioned in his answer, a risk assessment could be a way to choose or not using SMS. For further understanding check this security.stackexchange.com/a/197187/21144 | |
| Jul 6, 2021 at 11:43 | vote | accept | Mohammed Rady | ||
| Jul 6, 2021 at 11:36 | answer | added | user10489 | timeline score: 10 | |
| Jul 6, 2021 at 11:26 | answer | added | galoget | timeline score: 77 | |
| Jul 6, 2021 at 11:06 | review | First posts | |||
| Jul 6, 2021 at 14:39 | |||||
| Jul 6, 2021 at 10:59 | history | asked | Mohammed Rady | CC BY-SA 4.0 |