Aviram Jenik wrote: >> Any attacker which is after your stuff and is able to penetrate a GSM >> exchange and send an unauthrized message without anyone noticing >> (remember that banks rely on the number as a ID good enough to identify >> you and divolge your account details on SMS) > > > Hey... Gilad, I expected better from you (being the one who built an SMS > gateway from recycled paper and used cardboard boxes). Actually it was half a spud and an Orchid ;-) > Spoofing != sniffing. Spoofing is actually much easier. Faking the GSM > number you *send* to someone is easy/ier (I just have to fake the proper SMS > message). Sniffing the SMS your bank sends *you* is harder. Hmm.. I did not imply that because the bank is sending you your acocunt details on SMS it makes it safe because the bank trusts that no one can READ your messages, what I meant is that Bank trust the identity they get from the network to send the information, that is - that the network is hard (enough) to spoof. Anyway, this thread is rather silly. You could DES encrypt the SMS messages... But this is getting OT ;-) Gilad. -- Gilad Ben-Yossef <[EMAIL PROTECTED]> http://benyossef.com :: +972(54)756701 ================================================================= To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
