Tagged Questions

Short message (or messaging) service, a system that enables cellular phone users to send and receive text messages.

learn more… | top users | synonyms

0
votes
0answers
18 views

Is TextKey SMS 2 factor authentication secure against cell phone cloning?

I came across this website today that implements SMS based authentication that works "opposite" most SMS authentication methods. In typical SMS authentication, the provider sends you an access code ...
-3
votes
0answers
125 views

SMS text spoofing [closed]

none of the items above answer my question. i rec'd multiple text messages from a number i don't recognize. i think i was spoofed and i think i know from who but can't prove it. she's done it before ...
2
votes
1answer
68 views

Send credentials by sms [duplicate]

If a user forgets his login credentials for a web site, is it secure enough to send users credentials by sms?
7
votes
1answer
181 views

Getting strange texts to an iPhone #PWD123456#00X

My dad is getting strange SMS texts to his iPhone 4 Some examples: #PWD123456#WHL003=2308480298 #PWD123456#WHL004=2398480389 #PWD123456#WHL002 #PWD123456#WHL002 #PWD123456#STATUS? ...
-1
votes
1answer
126 views

Is it still possible to sign up for a Google account without SMS verification? (March, 2013) [closed]

Non of these two methods worked: http://googlesystem.blogspot.com/2012/01/new-google-accounts-require-gmail-and.html
2
votes
2answers
190 views

Retreive header from SMS iphone

I received a lot of SMS from a guy where the phone number change every time. I can answer to these SMS, so I think it's only a spoofing of the sender ID of the SMS header which will be displayed in ...
6
votes
2answers
170 views

Can a SMS recipient charge any arbitrary fee to the sender without approval?

I received an email from a prospective "client" in broken English. We have been going back and forth about services for a while and he wants me to text him. Is it possible for him to charge me some ...
-1
votes
2answers
102 views

Can 2FA help handle mixed personal and business accounts after leaving a company?

I do not want a super administrator in Google Apps to log to my account after leaving company, so I enabled 2-step verification. He could login to many sites as me with just a link in "forget ...
26
votes
1answer
782 views

How does a new SMS message overwrite a previous one?

During a talk from a vendor, the speaker mentioned that their product used a "little known feature" of SMS in order to overwrite the last text message received from them. This feature was being used ...
8
votes
4answers
2k views

How can SMS spoofing be detected?

SMS spoofing involves faking the source ID, by replacing it with alphanumeric text. This can be useful for mobile providers, but can lead to security issues such as social engineering. How can we as ...
6
votes
4answers
406 views

Should SMS systems warn users of possible spoofing attacks?

The author of this blog post Never trust SMS: iOS text spoofing says that: The sender of an SMS message may provide arbitrary sender information using low level protocol features. Furthermore the ...
3
votes
4answers
278 views

SMS Authentication: random OTP or a cryptographic one

I'm adding two-factor authentication using SMS to enhance an existing login process. Since I'm not working with physical tokens, I was wondering what is considered the safest: Sending random 8 ...
1
vote
0answers
90 views

What's the deal with SMS archiving? [closed]

The other week I was texting a friend of mine, and something happened that I haven't experienced before. Instead of receiving the text I'd just sent, my friend received a text I sent several months ...
-5
votes
2answers
175 views

Is it possible to MITM between Google voice SMS/TXT Messaging

I have 2 spammers who won't stop spamming me via SMS once I post stuff online. I would like to determine their location based on language, so if I were to somehow become a man in the middle and have ...
3
votes
1answer
298 views

How to catch a SMS spammer who is using google voice to spam me

How do I catch a SMS spammer who is using google voice to spam me? I have the google voice number and 2 of their burner emails with gmail. How do I gather enough information to inform the ...
1
vote
0answers
142 views

Honeypot for catching a spammer [closed]

I've been receiving more and more emails and now even TXT messages originating from google voice for inquiries of items that I've listed for sale on craigslist. What I would like to accomplish: I ...
22
votes
5answers
4k views

What is preventing us from sniffing the mobile phone communcation?

I'm learning wireless penetration testing. It really is amazing. But it made me wonder, what about mobile phones? They are also means of wireless communication. So, our entire voice must be in the air ...
3
votes
1answer
2k views

Is there a sms authentication that works like 10minutemail?

I remember reading on this site a user recommending 10minutemail.com as a way to register or give email address to non-trusted websites. Is there any similar site for disposable phone number for ...
5
votes
1answer
225 views

SMS PDU specification and carving techniques?

I'm trying to carve NAND flash raw dumps for SMS:s (for school, digital forensics), following the information on dreamfabric.com, but I'm having some trouble. First of all, the specification isn't ...
5
votes
3answers
849 views

Proof of SIM card possession on iOS devices

I need to proof that a user of my app is in possession of the correct SIM card. On android devices, this is possible by simply sending a challenge within an SMS to the corresponding number (the proof ...
3
votes
2answers
728 views

SMS / voice call interception with a fake base station

This answer to a similar topic describes in a detailed way how vulnerable SMS and voice calls are in terms of decryption. In order to do so, an attacker needs to set up a fake base station located ...
27
votes
5answers
4k views

How hard is it to intercept SMS (two-factor authentication)?

A lot of two-factor authentication mechanisms use SMS to deliver single-use passphrase to the user. So how secure is it? Is it hard to intercept the SMS message containing the passphrase? Do mobile ...
2
votes
4answers
607 views

Can SMS text messages be used to verify a person's unique identity through a short code system?

We run online contests and want to eradicate cheating (yeah right), or at least mitigate it. I've asked the question regarding user experience here: ...
10
votes
3answers
536 views

Is it “standard” to SMS passwords?

When I get credentials for a new machine, my company will often send the login id in email, then SMS (or sometimes Skype msg) the password. This is obviously in order to separate the login and ...