Re: [android-security-discuss] How to snif sms text on Android

On Wed, Apr 11, 2012 at 6:16 AM, Kevin Chadwick <[EMAIL PROTECTED]> wrote:
> On Tue, 10 Apr 2012 22:10:01 -0400
> Jeffrey Walton wrote:
>
>> Two factor authentication using a cell phone was recently broken:
>> "Two-channel breached: a milestone in threat evaluation, and a floor
>> on monetary value",
>> http://financialcryptography.com/mt/archives/001349.html
>
> That's not broken. If you don't use it as "Two Factor" aka defense in
> depth then your just using it badly. "Two network" auth is how it should
> be used but it still adds some defense even when incorrectly used just
> on the phone as you'd need to either locally sniff sms traffic likely
> requiring permissions bypass or decrypt the sms traffic in the air or
> hack the Telcos network. All easier than you would think but still
> it does add to security and in the face of single sign-on systems.
Tell that to the folks who lost $45,000.

-- 
You received this message because you are subscribed to the Google Groups 
"Android Security Discussions" group.
To post to this group, send email to [EMAIL PROTECTED]
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at 
http://groups.google.com/group/android-security-discuss?hl=en.