scrap pad

authenticating (or not) SMSes

with the rise of twitter, other services will be getting texty too:

It’s not just Twitter and Jott who are susceptible to these issues. Unfortunately, I’ve come across cell phone companies, credit card companies, and even banks that rely on Caller ID information to authenticate their customers. Because it is so easy to spoof Caller ID, it is clear that Caller ID information should never be trusted to authenticate users, and many financial institutions have learnt this the hard way.

Given the popularity of Twitter, similar phone+IM+email mash-up services are likely to be created in the very near future. I sincerely hope these services realize the implications of authenticating users based on incoming SMS headers and Caller ID information.

Twitter and Jott Vulnerable to SMS and Caller ID Spoofing. via daring fireball.
