OTsorta : Old phone system(s) avail

Grant Taylor cctalk at gtaylor.tnetconsulting.net
Wed Oct 17 16:10:59 CDT 2018


On 10/17/2018 01:32 PM, Andrew Luke Nesbit via cctalk wrote:
> [Reposting because my previous reply to this message was set to the 
> wrong From address.]

I hate it when I do that.

> Good point.  As far as I can tell, there's no way of securing 
> communications with a purely SMS-based approach.

I think you need additional factors in the SMS message to validate 
things.  Each additional factor makes it harder to /successfully/ spoof 
control messages.

Think something along the lines of a OTP.

> Maybe voice fingerprinting and authentication for each request..? 
> I can already smell feature creep.

Um, as far as I know, SMS doesn't carry anything other than a small 
amount of text.

Maybe you're meaning MMS, which can carry voice and more text.

I think that voice recognition might be more problematic.  As in speech 
recognition.

I would wonder about some sort of challenge response and / or 
SMS(MMS)-back system.

You could also look at signing MMS messages (which can carry more data) 
with a standard PKI.  That way it would be trivial to have the recipient 
validate things.



-- 
Grant. . . .
unix || die


More information about the cctalk mailing list