Intercepting two-factor authentication (SMS)

54,720 pts.
Tags:
Authentication
Encryption
SMS
I'm trying to learn more about "IT Security" and I've come across two-factor authentication. I understand two-factor authentication mechanisms use SMS to deliver single-use passphrase to the user. But how secure is it? Is it hard to intercept the SMS message containing the passphrase? Do mobile networks use encryptions on SMS?
ASKED: November 21, 2013  6:12 PM
UPDATED: November 22, 2013  8:56 PM

Answer Wiki

Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Discuss This Question: 3  Replies

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
  • Kevin Beaver
    I'm not aware of any low-cost "over the counter" means for intercepting SMS. As I wrote here, I think we've got much bigger problems to currently worry about in security.

    Keep in mind, however, that traditional SMS is becoming less and less popular and is being replaced with mobile apps. If those apps are vulnerable to data-in-transit or data-at-rest exploits, then the game changes and reasonable risks can be introduced.
    14,965 pointsBadges:
    report
  • Kevin Beaver
    I'm not aware of any low-cost "over the counter" means for intercepting SMS. As I wrote here, I think we've got much bigger problems to currently worry about in security.

    Keep in mind, however, that traditional SMS is becoming less and less popular and is being replaced with mobile apps. If those apps are vulnerable to data-in-transit or data-at-rest exploits, then the game changes and reasonable risks can be introduced.
    14,965 pointsBadges:
    report
  • Kevin Beaver
    As for the "here" link that's missing above, this is it:
    http://securityonwheels.blogspot.com/2013/08/you-cant-see-light-til-you-open-your.html

    14,965 pointsBadges:
    report

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

To follow this tag...

There was an error processing your information. Please try again later.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Thanks! We'll email you when relevant content is added and updated.

Following