OTsorta : Old phone system(s) avail
Grant Taylor
cctalk at gtaylor.tnetconsulting.net
Wed Oct 17 16:10:59 CDT 2018
On 10/17/2018 01:32 PM, Andrew Luke Nesbit via cctalk wrote:
> [Reposting because my previous reply to this message was set to the
> wrong From address.]
I hate it when I do that.
> Good point. As far as I can tell, there's no way of securing
> communications with a purely SMS-based approach.
I think you need additional factors in the SMS message to validate
things. Each additional factor makes it harder to /successfully/ spoof
control messages.
Think something along the lines of a OTP.
> Maybe voice fingerprinting and authentication for each request..?
> I can already smell feature creep.
Um, as far as I know, SMS doesn't carry anything other than a small
amount of text.
Maybe you're meaning MMS, which can carry voice and more text.
I think that voice recognition might be more problematic. As in speech
recognition.
I would wonder about some sort of challenge response and / or
SMS(MMS)-back system.
You could also look at signing MMS messages (which can carry more data)
with a standard PKI. That way it would be trivial to have the recipient
validate things.
--
Grant. . . .
unix || die
More information about the cctalk
mailing list