On 10/17/2018 01:32 PM, Andrew Luke Nesbit via cctalk wrote:
[Reposting because my previous reply to this message was set to the
wrong From address.]
I hate it when I do that.
Good point. As far as I can tell, there's no way of securing
communications with a purely SMS-based approach.
I think you need additional factors in the SMS message to validate
things. Each additional factor makes it harder to /successfully/ spoof
control messages.
Think something along the lines of a OTP.
Maybe voice fingerprinting and authentication for each request..?
I can already smell feature creep.
Um, as far as I know, SMS doesn't carry anything other than a small
amount of text.
Maybe you're meaning MMS, which can carry voice and more text.
I think that voice recognition might be more problematic. As in speech
recognition.
I would wonder about some sort of challenge response and / or
SMS(MMS)-back system.
You could also look at signing MMS messages (which can carry more data)
with a standard PKI. That way it would be trivial to have the recipient
validate things.
--
Grant. . . .
unix || die
