Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


ForumsSpark New Zealand (including Skinny and BigPipe)Text message Security
joe5600

94 posts

Master Geek
Inactive user


#7455 16-Apr-2006 16:48
Send private message

hello there does any one here no how security our text message's are doesd telecom/vodafone log them is it possable to pick up someone else's text message's???????????????????

Create new topic
sbiddle
30853 posts

Uber Geek
+1 received by user: 9996

Retired Mod
Trusted
Biddle Corp
Lifetime subscriber

  #33097 16-Apr-2006 17:23
Send private message

I was told a couple of years ago that Telecom stored SMS's for a celendar month and Vodafone for 1 week. With the explosive growth of SMS and in particular threatening message sent via SMS I believe both networks store messages for at least several months. I am sure somebody on here will be able to give you exact details.

The number of cases Police are investigating re threatening txts is staggering, maybe both networks need to start emphasising the fact that messages are stored and can all be recalled.



paradoxsm
3000 posts

Uber Geek

Trusted

  #33106 16-Apr-2006 19:16
Send private message

They can be read by certain employee's, They need some good reasons to do it however,

I heard they are stored for 6 months now, following all the recent TXTbullies and TXTabuse happening. I used to get spammed by 027's when $10 unlimited SMS came out.

Remember they are 7 bit data and only 160 characters, You could easily fit 10 of them in 1KB and they compress rather well even as .ZIP.

Jama
1420 posts

Uber Geek
+1 received by user: 1

Trusted

#33111 16-Apr-2006 19:43
Send private message

6 months would require 2.5TB worth of storage.



tonyhughes
Hawkes Bay
8476 posts

Uber Geek
+1 received by user: 6

Retired Mod
Trusted
Lifetime subscriber

  #33125 16-Apr-2006 21:05
Send private message

Mauricio could hold a couple of months worth then...

To the OP: Dont treat text messages as secure. The network used to deliver them is secure at some level, but the message itself is not encrypted as far as I am aware.

Unless you encrypt a communication yourself, and trust that encryption to a strong enough degree (appropriate to the content of the communication), then you should be aware that the message can not be considered private.

No, you cannot intercept anyone elses text messages. The days of phone cloning are pretty much gone. (Unless you are in the league of governments that own fleets of black helicopters I suppose).







Torque
379 posts

Ultimate Geek
+1 received by user: 23


  #33332 18-Apr-2006 21:06
Send private message

Indeed, I would presume Fraud Investigators / Security team people at the telcos can read txt messages.
Cops can if they get a warrant.

Who knows what the SIS/GCSB can do in regards to that?

essamessa
12 posts

Geek


  #33348 19-Apr-2006 09:14
Send private message

SMS content is not available to anyone without a warrant.  When the Police require text data they must obtain a warrant from the Courts and present that to the telco, which then extracts the data for them. 
Only around a week of text data is stored, expressly for this purpose.

HP

 
 
 
 

Shop now for HP laptops and other devices (affiliate link).
cokemaster
Exited
4937 posts

Uber Geek
+1 received by user: 1089

Retired Mod
Trusted
Lifetime subscriber

#33355 19-Apr-2006 10:56
Send private message

I would hope that they are reasonably secure due to several banks uisng SMS (Kiwibank and ASB by memory) for various tasks.....

Though, I've been let down before.




webhosting

Loose lips may sink ships - Be smart - Don't post internal/commercially sensitive or confidential information!

sbiddle
30853 posts

Uber Geek
+1 received by user: 9996

Retired Mod
Trusted
Biddle Corp
Lifetime subscriber

  #33359 19-Apr-2006 11:38
Send private message

cokemaster: I would hope that they are reasonably secure due to several banks uisng SMS (Kiwibank and ASB by memory) for various tasks.....



Though, I've been let down before.



Two factor authentication is a bit of a joke for bank security as it only offers a very minimal extra layer of security over the existing login/password and simply causes an inconvenience to people. Somebody at a telco intercepting messages is the least of your worries!

It will be very interesting to see the banks response in NZ when we get the first fraud case involving a customer using two factor authentication since they have hyped up the supposedly additional security it offers!

 

cokemaster
Exited
4937 posts

Uber Geek
+1 received by user: 1089

Retired Mod
Trusted
Lifetime subscriber

#33360 19-Apr-2006 11:45
Send private message

It gets worse. In ASBs case they have TXT Banking which allows you to transfer money around your accounts (but not out of).

It has a 25c fee in addition to whatever fees apply to your account AND the cost to text (usually 20c per message)... potentially someone could have 'fun' tranferring money around in the knowledge that its racking up fees.




webhosting

Loose lips may sink ships - Be smart - Don't post internal/commercially sensitive or confidential information!

sbiddle
30853 posts

Uber Geek
+1 received by user: 9996

Retired Mod
Trusted
Biddle Corp
Lifetime subscriber

  #33364 19-Apr-2006 12:21
Send private message

But that's still not likely to cause any significant fraud.

The big problem with two factor authentication is that with a keylogger trojan running you can capture a login, password and two factor code in realtime, redirect the user to a site that says the login has failed and then somebody somewhere in the world in realtime can have immediate access to your system. It's easy to avoid this by implimenting a second layer of security that will only allow the generated two factor code to be submitted from the same IP as the original login if the two factor code is sent via SMS - from what I understand this does not happen in NZ.

freitasm
BDFL - Memuneh
80647 posts

Uber Geek
+1 received by user: 41030

Administrator
ID Verified
Trusted
Geekzone
Lifetime subscriber

#33365 19-Apr-2006 12:29
Send private message

sbiddle: But that's still not likely to cause any significant fraud.

The big problem with two factor authentication is that with a keylogger trojan running you can capture a login, password and two factor code in realtime, redirect the user to a site that says the login has failed and then somebody somewhere in the world in realtime can have immediate access to your system.
Not really - remember the keylogger collects one number for the second authentication, but when the bad person tries to login s/he will be asked for the number again - which by that time is invalid for a second login.




Referral links: Quic Broadband (free setup code: R587125ERQ6VE) | Samsung | AliExpress | Wise | Sharesies 

 

Support Geekzone by subscribing (browse ads-free), or making a one-off or recurring donation through PressPatron.

 

 
 
 
 

Shop now at Mighty Ape (affiliate link).
sbiddle
30853 posts

Uber Geek
+1 received by user: 9996

Retired Mod
Trusted
Biddle Corp
Lifetime subscriber

  #33368 19-Apr-2006 12:43
Send private message

freitasm:
sbiddle: But that's still not likely to cause any significant fraud.

The big problem with two factor authentication is that with a keylogger trojan running you can capture a login, password and two factor code in realtime, redirect the user to a site that says the login has failed and then somebody somewhere in the world in realtime can have immediate access to your system.
Not really - remember the keylogger collects one number for the second authentication, but when the bad person tries to login s/he will be asked for the number again - which by that time is invalid for a second login.



The trojan dosn't pass the two factor code to the bank site however, it merely captures it with the keylogger and then directs the user to a site saying the login has failed and sends the info to the bad guy who has to log in immediately. I was reading about this the other day when somebody demonstrated an attack on a German bank using a custom trojan, it of course requires specific programming for a certain bank but it's proof that two factor authentication isn't the bullet proof solution that the banks want.

richms
29098 posts

Uber Geek
+1 received by user: 10209

Trusted
Lifetime subscriber

  #33882 25-Apr-2006 21:27
Send private message

Also there are trojens that allow them to take over your browsing session, so as the text code auths your session, they can then do whatever they like in another browser once the users desired transaction has happened.

A lot harder as they have to be ready to go when the user logs into the banking site and does the text confirmation, but still worth it for the gains if it allows the perps to get away with cleaning out someones account. 






Richard rich.ms

Create new topic








Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Updates »

Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.








RSS feeds
Main feed
Forums feed
Copyright
©2002-2026 Geekzone®
Site features
Geekzone BI dashboard
Geekzone Badges
Geekzone Status Page

 

Site Information
Subscribe to Geekzone
Privacy Statement
Forum Usage Guidelines (FUG)
Advertising
Trademark and copyright