I think it's interesting to see how hard we've worked on making the web secure by adding all sorts of checks and protocols, but we've neglected to do the same with basic telecoms.
When I first started using web based communication platforms like Twitter and Nexmo I was really surprised to learn that I could put anything in the from field when sending a text message. All I could think was that it was a weakness that was ripe for abuse.
I believe there was a case in Germany a few years back where a group of phishers had online banking login details for several hundred users but couldn't initiate transfers without entering a PIN sent to the account holders phone via SMS. So the phishers set up a fake telephone company so that they could issue SS7 commands and have the account holders phone's temporarily redirected to another number where the PIN could be intercepted.
I think there is a false assumption amongst many people that the telephone system is inherently secure. Stuff like the above and all the robo calls coming from false numbers should warn otherwise.
When I first started using web based communication platforms like Twitter and Nexmo I was really surprised to learn that I could put anything in the from field when sending a text message. All I could think was that it was a weakness that was ripe for abuse.
I believe there was a case in Germany a few years back where a group of phishers had online banking login details for several hundred users but couldn't initiate transfers without entering a PIN sent to the account holders phone via SMS. So the phishers set up a fake telephone company so that they could issue SS7 commands and have the account holders phone's temporarily redirected to another number where the PIN could be intercepted.
I think there is a false assumption amongst many people that the telephone system is inherently secure. Stuff like the above and all the robo calls coming from false numbers should warn otherwise.