Hi all,<br><br>Reading the last thread on why SMS isn't/should be dead, I almost piped up with a thought before I realized I should probably check my head-sphincter interface, first.<br><br>Many banks use SMS messages as an out-of-band authentication factor for online banking. (ie, they send a challenge code to the customers phone in response to an online banking request) If one assumes that cell phone SMS messages can't be intercepted out of the air by a forged device or through other means, they operate as a quasi-physical authentication factor, which is very valuable.<br>
<br>This would be a strong use case for SMS over email or other general-purpose communication mediums where the password or other knowledge can be bootstrapped into access to the medium.<br><br>However, I'm not so sure this assumption is correct. Does anyone have good references for the security of SMS? The most I've been able to find is this Slashdot article [1].<br>
<br>-Nick<br><br>[1] <a href="http://it.slashdot.org/article.pl?sid=09/05/21/1858233">http://it.slashdot.org/article.pl?sid=09/05/21/1858233</a><br>