{"id":337,"date":"2015-07-12T15:14:27","date_gmt":"2015-07-12T12:14:27","guid":{"rendered":"https:\/\/www.protectimus.com\/blog\/?p=337"},"modified":"2019-06-11T14:57:34","modified_gmt":"2019-06-11T11:57:34","slug":"what-hides-beneath-sms-authentication","status":"publish","type":"post","link":"https:\/\/www.protectimus.com\/blog\/what-hides-beneath-sms-authentication\/","title":{"rendered":"What Hides Beneath SMS Authentication?"},"content":{"rendered":"

We have to pay for everything in life. Whatever you may call it \u2014 the law of conservation of energy, karma, or Divine Providence \u2014 that is how it is and how it will always be. In the 19th century, a postal courier loyal to his sovereign would risk his life delivering a letter to the addressee, which took up to a month, protecting it from any possible foes. In the 21st century, data exchange is carried out instantly, but it is a lot easier to \u2018break the seal\u2019.<\/p>\n

Cybercrime is increasingly on the rise. In 2013, in the USA alone over 3000 companies were victims of hackers\u2019 attacks. Forty million people suffered from the consequences of these crimes; 160 billion dollars was stolen. In 2014, the share of cyber crimes in the Russian Internet was 41% (11 thousand cases) of all the registered crimes in the IT environment. In early 2015, hackers\u2019 attacks on bitcoin exchanges sent shock waves through the community of holders of the cryptocurrency, which lost half of its value.<\/p>\n

\"SMS-authentication\"

SMS authentication<\/p><\/div>\n

According to the already mentioned law of conservation of energy (or money, in our case), online security and protection methods are also becoming more sophisticated. Regular passwords have been replaced with two-factor authentication. Banks\u2019 customers use it regularly when they receive one-time access codes via SMS messages. Admittedly, it is a step forward, but one can still trip over it.<\/p>\n

After a message is sent from a bank, it goes through a gateway and GSM network consisting of servers and transmission towers. That explains the relatively significant delay between pressing the Confirm Payment button and receiving the SMS message. Sometimes, it takes up to five minutes, which is a considerable amount of time by the standards of the 21st century: during this time, the SMS message can be intercepted and redirected, i.e. used for criminal purposes. Nowadays, hackers operate with automated hacker toolkits, and they can use the password in the SMS message in a split second. Not to mention the fact that some stages of the \u201cshort message\u201d transmission process are carried out by people. And, it is a well-known fact that big money can be quite a temptation. There is even a special term describing this vulnerability \u2014 \u201cman in the middle\u201d. It describes a situation when a hacker is \u201cin the middle\u201d between a bank and its customer.<\/p>\n

How can side effects of SMS authentication be neutralized? For example, it can be done via the two-factor authentication system offered by the company Protectimus<\/a>. A one-time password generated by a special device called a token owned by a customer is sent to the server and compared to the password generated using the same algorithm and the same input parameters. The company offers four kinds of these devices, plus support for SMS- and email tokens. Moreover, passwords are generated using three algorithms:<\/p>\n