SMS Bank Tokens Vulnerable: RSA

Posted by admin on 26/Jan/2011 in Security Alert Log | 0 comments

I read a nice article today on zdnet.com.au. It is becoming clearer by the day that criminals are beginning to target the mobile device as an access point to user data.

The following in an excerpt from the article.

Mobile phone attacks will increase this year as criminals attempt to intercept SMS-based authentication tokens, according to security company RSA.

The tokens are designed to complement username and password log-in checks by requiring users to validate payments with unique numerical codes, in this instance sent by SMS.

It is becoming more popular, and the Commonwealth Bank of Australia claims to have 80 per cent of its customer base using tokens to validate third-party payments via SMS or through safer handheld token-number generators. The bank isn’t forcing customers to use it, but those who don’t will not be permitted to carry out high-risk transactions over NetBank.

RSA said in a 2011 predictions report that sending tokens via SMS will make phones a target.

“The use of out-of-band authentication SMS … as an additional layer of security adds to the vulnerabilities in the mobile channel,” the company said in its report.

“A criminal can … conduct a telephony denial-of-service attack which essentially renders a consumer’s mobile device unavailable.

“SMS forwarding services are also becoming mainstream in the fraud underground and enable the [token] sent by a bank via text to a user’s mobile phone to be intercepted and forwarded directly to the cyber criminal’s phone.”

Read the article in full on zdnet.com.au

CellTrust Cracks it for Top Story on Urgent Communications Web Site

Posted by admin on 14/Oct/2009 in Security Alert Log | 0 comments

A very nice article about CellTrust SecureSMS™ Appliance has been posted on the Urgent Communications Web Site.

Lynnette Luna of Urgent Communications formerly known as MRT: Mobile Radio Technology has done a very nice write up. Here’s a brief excerpt from the article:

Secure mobile messaging and applications provider CellTrust introduced an enterprise appliance that enables encrypted SMS messages from handset to handset, application to handset or vice versa. That means public-safety agencies, federal government entities, health-care groups and banks now can use text messaging in a secure way.

Text messaging has evolved over the years to become a vital public-safety tool, and many companies have launched technology that offers two-way text dialog from any PC to any mobile device, regardless of wireless technology, carrier or device types. Public-safety and government agencies are using these systems as a valuable adjunct to their primary communications systems.

“Text messaging is not secure,” said Sean Moshir, CEO and chairman of CellTrust.  Standard SMS can be intercepted along the transmission path at multiple locations — SMS aggregators, operators, infrastructure providers or tower operators — especially when the Internet is transmitting the messages, he said.

(more…)

CellTrust Corp. Launches Secure Mobile Government Division To Receptive Audience in Singapore

Posted by admin on 14/Oct/2009 in Press Releases | 0 comments

Governments Around the World are Securing the SMS Channel.

Scottsdale, Arizona, USA and Singapore – October 14, 2009 – CellTrust Corporation, the world’s largest provider of SecureSMS for mobile phones (www.celltrust.com), announced today the launch of its Secure Mobile Government Division with a dedicated team of Governmental IT professionals and mobile security experts based at CellTrust headquarters in Scottsdale, Arizona, USA.

CellTrust’s Secure Mobile Government Division is comprised of seasoned IT professionals with decades of experience in governmental agency information data management. Along with CellTrust’s mobile security experts, they have engineered a suite of Secure Mobile Government Information Management applications designed to meet the stringent security and mobility needs of governmental agencies around the globe. The CellTrust SecureSMS™ Appliance connects to the CellTrust SecureSMS Gateway providing secure mobile information management to over 700 carriers in 200+ countries.

“We’ve experienced a global shift this year in demand from governmental agencies as they exploit the ubiquitous nature of SMS,” said Sean Moshir, CEO and Chairman of CellTrust. “After twenty years of providing Internet security for governmental agencies it is a logical step for the CellTrust team to pave the way for secure mobile government.”

(more…)