Mobile Phone SMS Security

When I first began to encounter SMS validation as a security measure it really annoyed me because I find it extremely presumptuous that any system developer would assume that everyone has mobile phone service or even the fact that everyone might actually have a mobile phone.

There is zero mobile phone service where I work and live and the location is less than 56 kilometers from the Sydney Harbour Bridge. The closest mobile signal means a drive in the car for 20 minutes each way or a rugged climb through bush up the side of a mountain which also takes 20 minutes or more each way.

This lack of mobile service is still current at the end of 2017

Today many first hand accounts arise of mobile phone SIM cards being ported away from the rightful owner due to lax or zero security by telcos and ported mobile phone numbers are then used to access the rightful owners bank accounts and more. SIM card encryption has been compromised in the past and will be again in the future.

Even at the most elementary level a mobile phone with its SIM card can be physically stolen and used. There are many more potential hacks that could compromise a mobile phone SIM card and the information that is assumed it will protect.

Many online organisations attempt to verify persons in the first instance via a mobile phone number! What a joke! Virtual mobile phone numbers are everywhere. Virtual mobile number aside, It is very easy to obtain a mobile phone SIM card and activate it without providing any personal information.

How can anyone possibly think that a mobile phone number and a SMS verification is secure and actually verifies a person?

In Australia Telstra followed by Optus and Vodaphone offshore almost all their technical support and I have zero confidence in any of these organisations let alone using them to verify my personal data. Their archaic billing systems should be clear warning of this extreme risk to everyone.

Developers please give up on the mobile phone and SMS option or at least give people who really care about their security an alternative option which will allow us to disallow any type of SMS or mobile phone verification regarding our personal security or personal verification's.

Alternative two step authentication options are very convenient, they work anywhere even without mobile phone reception and there are even free options available if you cannot afford the cost of issuing tokens.

Telstra forum SIM card fraud 2015

United Kingdom example from 2016

2015 Vodaphone example

France example

Telstra in Australia

 

AttachmentSize
PDF icon SMS Digital Fraud14.42 KB
PDF icon Happening more than we know1.54 MB