Collaborate Disseminate
We performed the security analysis of a Telit Cinterion modem in course of a bigger project of security assessment of a popular model of a truck and found eight vulnerabilities. Continue reading Cinterion EHS5 3G UMTS/HSPA Module Research
This is a problem that many of us face: A surprising number of financial institutions’ websites offer additional authentication only via SMS and/or phone call. But I will refer to my situation specifically.
How can this be made safe again… Continue reading How to make SMS-based 2FA safer?
Remember when a US mother was accused of distributing explicit deepfake photos and videos to try to get her teenage daughter’s cheerleading rivals kicked off the team? Well, there has been a surprising development. And learn how cybercriminals have be… Continue reading Smashing Security podcast #372: The fake deepfake, and Estate insecurity
My site’s users currently do not have any MFA options, but we’re planning to release this feature in the near future. We’ve already built support for TOTP and have it working internally, but some on my team think that it won’t be very user… Continue reading If I’m rolling out MFA to users, should I provide TOTP, SMS or both? [duplicate]
I have received three texts from my daughter’s phone number – she is on an iPhone 14, I am on a Google Pixel 4. The first two texts came in on my car Android Auto – a week apart, but within minutes of the same time of day…and copies of t… Continue reading Mom receiving texts with some private info daughter has not sent [closed]
Hackaday.io user [mabe42] works during the week away from their home city and rents a small apartment locally to make this life practical. However, the heating system, a night-storage system, …read more Continue reading 2024 Home Sweet Home Automation: SMS Controlled Heating
How can SMS spoofing be detected? I know we can find it by message centre, but what if in the case of multiple routing?
Continue reading Detecting SMS spoofing when there is multiple routing
Although I disagree with the term MFA entirely if it refers to ‘login code send to email’, it’s a one-time password at best, and likely badly implemented with its associated risks. I do see quite some software having email as their only ‘M… Continue reading If only ‘two’ insecure MFA options are available (email and sms) which is ‘most secure’? [duplicate]
Valve, the company behind the Steam video game platform, has announced a new security feature after multiple reports of game updates being poisoned with malware.
But have they chosen the best way to protect developers’ accounts?
Read more in my a… Continue reading After hackers distribute malware in game updates, Steam adds SMS-based security check for developers
I received an odd SMS message from xfinity earlier. The message looks real, and the link they provided is real, but they said I ordered a movie through their service, which I did not. I am wondering if spoofed SMS messages would show up in… Continue reading Would a spoofed SMS message show up in the same chat history as a legitimate SMS?