Hey.
On 20/03/2013 11:44, Julien Wajsberg wrote:
(I don't pretend to understand everything was described here)
Le 19/03/2013 17:30, Fernando Jiménez a écrit :
There have already been a few discussions about how to implement a silent SMS
flow [2]. The comment at [3] mentions the possibility of having an SMS flow
only with SMS MO [4], which would be absolutely great, but I can't see how this
flow can work in a secure way since it is possible to replace the sender of an
SMS [5].
I'd say the only consequence of a spoofed SMS would be a failed payment,
right ? There is no way the spoofed SMS would trigger an unwanted payment.
No, if SMS can be spoofed then the consequence would be a fraudulent
payment. The payment would be done, since we're basically equaling the
SMS to a proof-of-ownership of the line that will be used to do the
payment. So if user A with MSISDN A' can send a SMS with MSIDN B' that
is owned by user B, then that would result in us charging user B for
whatever user A bought.
Best,
Antonio
________________________________
Este mensaje se dirige exclusivamente a su destinatario. Puede consultar
nuestra política de envío y recepción de correo electrónico en el enlace
situado más abajo.
This message is intended exclusively for its addressee. We only send and
receive email on the basis of the terms set out at:
http://www.tid.es/ES/PAGINAS/disclaimer.aspx
_______________________________________________
dev-b2g mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-b2g
