Business logic flaws in mobile operators services
Formal metadata
Title | Business logic flaws in mobile operators services
Series title | DEF CON 21 (part 101 / 112)
Number of parts | 112
License | CC Attribution 3.0 Unported: You may use, modify and reproduce, distribute and make publicly available the work or its content, in unmodified or modified form, for any legal purpose, provided that you name the author/rights holder in the manner specified by them.
Identifiers | 10.5446/38902 (DOI)
Transcript: English (automatically generated)
00:00
So, my name is Bogdan Alecu, and the topic for today would be business logic flaws in mobile operator services. For those that don't know me, a few things about me. I work as a system administrator as a day job, and during my free time, when I have it, I like to break a lot of mobile-related stuff. I started on this path a couple of years
00:27
ago with monitoring GSM networks by using the net monitor tool from an old Nokia phone, and then continued with voice over IP and finally got to GSM and mobile phones. If you want
00:43
to keep in touch with me, you can find me on Twitter or on my website. So, the goals for today would be for you to have a really high-level overview regarding SIM toolkit, what it is, how we can exploit it. Then I'm going to present to you a couple of business logic
01:01
flaws I've identified on some carriers, and I think you're going to find them really interesting. And also in the end, if there is a way to protect from these attacks that I'm going to show you. So, we're going to cover SIM toolkit, HTTP headers, data
01:21
traffic, extra digit and a summary at the end. So, who has heard about SIM toolkit? Okay. To keep it simple, think about it as a platform that the carriers use
01:42
in order to install applications on your SIM card. This is what the SIM toolkit icon looks like on an Android device. On some other devices, you might find them like an extra menu with the carrier's name, like Orange, Vodafone and so on. And from this SIM toolkit
02:02
menu, you can find things like exchange rates, the weather, what the weather is like, or calling customer support, so different activities. And if you think about it, it's a pretty good thing because you have these applications on your SIM card, and no matter what phone
02:23
you use and you put your SIM card in, you'll still have these applications, so you don't need to install anything else in order to have them. Since these applications sit on your SIM card, the carrier has a way to update these applications or modify them
02:41
or delete them and so on. So, for example, if the customer support number changes, the carrier will send an over‑the‑air update, which is basically a text message to your SIM card, saying that the SIM card should update the phone number for the customer
03:01
support. This message is a kind of special message, a command message. And in order to have this command message, they make use of the user data header on the SMS. The same user data header is used in cases like when you go over the 160 characters limit and
03:25
you get concatenated messages, so you have two messages which are concatenated into one message, and this makes use of the user data header. And also, for whoever remembers the old Nokia ringtones, they also used the user data header.
03:43
This is what the command packet looks like for such a SIM toolkit SMS. So, as I said, you have the user data header and then some other fields, like command packet length, command header length, security parameter indicator and so on. The most important one that
04:02
I want you to keep in mind is this security parameter indicator. The number that you see below represents the number of bytes each element has. So, all these specifications
04:22
can be found in the GSM specs. In order to also have this command, you also add two other important fields, data coding scheme and protocol ID. By setting the protocol ID to 7F, it means that you do a SIM data download, and data coding
04:48
scheme to F6 means that this type of text message is directly addressed to your SIM card. So, according to the GSM specification, what will happen when you receive such a command
05:03
message, the phone will transparently pass this SIM message, this command message to your SIM card and will not alert you in any other way. So, basically, when your carrier sends this command message saying, okay, I want to update the number for the customer support, you will have no idea that you have just got a text message. And I told you, keep
05:29
in mind security parameter indicator. So, you are sending this command, but you need some kind of acknowledgement to know that this command message has been received. And this is called proof of receipt, which can be set in the first two bits. If you set
05:47
it, for example, to 01, it means that you always want to get a proof of receipt. So, no matter if there was an error or there wasn't any error, you will always get a proof of receipt. And how you get it, you set it in the bit number 6, and there are two ways
06:02
of getting this proof of receipt back. By SMS submit, which means by a regular text message, which is sent by your SIM card, or by SMS delivery report, which is like a delivery report when you send a text message and you want to know if the target person
06:21
has received your text message. So, again, we have this structure, and we need to fill in the elements. The user data header, the protocol ID, the data coding scheme I have presented to you, and then the others. And as you would imagine, in order to make this
06:43
update of the customer support number, you need to have some proper security keys. But if you look at this example, you will see that the ciphering keys, that is KIc, are set to zero, because I do not care about ciphering keys at all. Why? Because of the security
07:04
parameter indicator. If we drill down to this security parameter indicator, you will see the first two bits are set to 01, meaning that I want to get a proof of receipt, always get a proof of receipt, and I want to get it by a text message. So, basically, if
07:23
I'm going to send this text command message to you, what will happen, it will get to your phone, the phone will pass it to the SIM card, the SIM card will try to execute it, it will see that I don't have any proper security keys, but in return, it will send me back a text message without you controlling it, without you even knowing it. And in order
07:48
to make sure of how things really are, here is a screenshot of a Wireshark capture, and as you see, the command is to send a short message, and it has been initiated
08:02
by the card application toolkit, so it wasn't a human-initiated action. So, the SIM card automatically replies to the sending number, there is nothing in your inbox, nothing in your outbox, basically you will have no idea that your SIM card has just sent a text
08:21
message back to me. Only if you look at your bill, at your detailed call records, will you see that sometimes your SIM card has just sent a text message to someone. So, let's see it in action. So, here I have the destination number, I
08:58
have the user data header, the binary data, the fields that I filled in, the protocol
09:05
ID, and the data coding scheme. And I have the target phone. This phone is a prepaid phone, and its balance is zero, so I have no credit on it. So, it will try to send a text message, but since it has no balance, I will
09:24
get a text message from the carrier saying, hey, you don't have any credit, you need to refill. Okay. Now, once I submit this, it says sending. And there is no way to
09:58
stop this, I can push any button, the SIM card just tries to send a text message.
10:07
You cannot control it, and it keeps trying to send. If I hadn't looked at it, I would have no idea it just did this. So, if it's in your pocket, you will have no idea that your SIM card is trying to send a text message. And I also got some text messages from my
10:25
carrier saying you do not have enough credit for sending SMS to this number, please recharge your account. But I didn't send any text message by myself. The SIM card tried to do so. So, maybe you will think that, okay, this is maybe not something, I don't know,
10:50
important. Let's say I can make your SIM card send a text message back to me. Well, maybe that's not a big deal, but let's think on some other way. So, let's say,
11:20
you know, there are services that allow you to send a text message from any number.
11:26
So, you can send someone a text message coming from whatever number you want. Now, let's say you also have a premium rate number, an international premium rate number, and you send a command message coming from the premium rate number to some target phone number. What
11:44
will happen, the target phone number will send back a text message to the premium rate number you have. So, you're paying like a couple of cents for sending a text message and in return you get 20 times more. So, it's a pretty good conversion rate, right?
12:03
And the target phone, as I told you, some phones don't even show that there is a text message sending in progress, even if you keep your eyes on them. So, until you will get your monthly bill, you will have no idea how you have just sent text messages to premium
12:23
rate numbers. Now, let's talk a little bit about HTTP headers. The easiest way you can think about them is by identifying the browser you're using. So, if you're browsing from
12:40
Firefox, let's say, that browser will have specific HTTP headers. If you're browsing from Safari, it will have other headers and so on. Now, with this in mind, most of the carriers have a mobile page where you can find your balance, you can change your services, you can download ringtones, videos and whatever. This page
13:06
address is usually m.carrier.com, so the carrier name. If you try to access that page from your computer, you will most probably get something like this. So, they will detect
13:20
that you're not connected to their network and they tell you, okay, you have to connect to our network in order for us to show you the page. But in some cases, if you pretend to be browsing from a mobile device, they will display this page. So, what I did was to use a Firefox extension called User Agent Switcher and I identified myself as a Nokia E71
13:46
phone. And once I did that, I got the mobile page of the carrier. But it was just a general page because I was not authenticated, so I could not see any balance. I could not download any ringtones. I couldn't do anything. Well, this is how
14:07
the things are starting to get interesting. The operators, the carriers know how to charge based also on HTTP headers. So, the idea was to, well, sniff all the traffic that
14:21
my phone does and see if there are any HTTP headers specifically identifying my phone number. But I failed at it because there weren't any HTTP headers. Then after some more digging, I found a research paper by Collin Mulliner called Privacy Leaks in Mobile
14:40
Phone Internet Access, where he noticed that when someone from a mobile device was accessing his website, that carrier was also sending the phone number. So, he did a list with all the HTTP headers that the carrier was sending and published it, and the carriers
15:02
are no longer sending these HTTP headers. Okay. So, they are not sending the headers. But what if I inject the headers in the traffic? So, I chose a couple of HTTP headers which identified the phone number. And as their value, it is
15:24
the phone number in international format, so with the country code. So, now I can access that mobile page of the carrier from my computer by identifying myself as a mobile device. And I can also authenticate myself by injecting these HTTP headers. And what happens now,
15:43
I can see anyone else's balance. I can change their subscription plan. I can refill any other account and stuff like this, whatever carrier allows me to do so. And some carriers are even tying up the phone number with the bank account. So, you can even see the bank
16:03
details of that specific customer. But I didn't stop here. Remember when there was a time we had to call the Internet with our phones? Well, I was surprised to see that there are still carriers that still have CSD. So, think about it just like a dial‑up
16:25
connection from your phone, right? So, the carrier has dial‑in number. You set up a dial‑up connection from your phone to that number and you're browsing the Internet with 9.6 kilobits per second, which is around one kilobyte per second. Pretty good
16:41
speed, right? Well, but since it's just a phone call, it also has the vulnerabilities of a phone call, which is caller ID spoofing. Now, I'm going to talk about the connection. Now, guess what my reaction was when I first set up a dial‑up connection
17:01
to a voice over IP provider, which was spoofing my caller ID and then forwarding the call back to the dial‑in number and I was authenticated. So, this is just
17:28
the target phone. It's the screen of the target phone. And also, I have connected a mobile phone via Bluetooth because I want to have a GSM modem attached to my computer.
17:43
So, first, I'm calling myself on my own number with my own number. So, this is what it means, own number. So, this works. Then, I'm setting up the dial‑up connection. As you see, I'm using a pretty old Nokia phone and I'm connected to the carrier's
18:03
network. What is the goal of this? Well, if I do the caller ID spoofing, will I be authenticated like any other user and incur charges to that target account?
18:21
So, once I'm registering to the network, I'm going to check for my balance in order to see the initial balance and the after attack balance. So, the current balance is 6.05 euros. Next, I'm going to choose something to download and I'm choosing
18:41
some image. It goes pretty slow because, remember, I'm browsing with one kilobyte per second, and also the call goes internationally. So, okay.
19:02
I'm choosing some image which costs 1.99 euros. And once I click buy now, I will get a text message on the target phone. So, the thing worked, apparently. And it says thank
19:21
you for your purchase and so on. So, now I'm going to check again for the balance. So, previously I had 6.05 and this one cost 1.99. So, now I should have 4.06 euros. Okay. And indeed I have 4.06 euros. So, the attack was successful. Just by spoofing
19:59
the caller ID, I was authenticated like any other customer. Let's talk a little bit
20:20
about data traffic. Let's say you have a prepaid account and you have some data
20:28
included in your subscription. You have no more money on your account and you have finished all your data in the subscription, what will happen? Will you still be able to have data connection? Well, you will still be able to have data connection, but
20:46
the only page you will be able to browse will be the carrier's web page, because maybe you want to do a refill and browse the internet again. While I had no more money in my account, I thought, well, what would happen if I perform a DNS query?
21:05
So, I tried to find the IP address of Google.com and I got a reply from the DNS that my carrier was using. Okay, that works, but what happens if I use open DNS servers? And I also got a reply from open DNS servers, although I could not browse any web page,
21:25
but the DNS replies worked. So, then I thought of this. What if I set up a VPN server on my cable connection at home and make that server run on port 53 UDP, which is the DNS port, and then set up the VPN connection from my phone to my server?
21:45
So, think about it just like a regular VPN connection, but this VPN server is on port 53 UDP. And guess what happens? You have free internet. And even though
22:04
I had a speed limit, now with this method, the speed limit is gone. But I didn't stop here. Since I'm living near the border at home, I thought, okay, what happens if I force my phone to connect to a network across the border and try the same? And it also
22:26
works in roaming. So, right now, instead of paying $12 per megabyte, I'll let you guess how much I'm paying. Next, the extra digit. I'm pretty sure you have here a flat
22:49
rate plan with unlimited minutes inside your operator's network. So, if you're from Verizon, you will have unlimited minutes in Verizon. But if you call to AT&T, for example, you
23:01
will not have unlimited minutes. And you also have mobile number portability. So, you can transfer your current number to a different operator. Well, let's think of this scenario. You have two mobile numbers, two phone numbers, with an A operator. And you decide to
23:21
transfer the second number to the B operator. If you're calling now from the first number to the second number, you will be charged like calling across the network from A to B. But in some cases, if you dial the same second number but add some extra digits at the end
23:40
of it, the carrier will have no idea that the number has been transferred. So, you will be billed like calling inside the same A operator. And it also works the other way around. So, if you have two different numbers in two different networks and you decide to transfer the second number to the A network, if you're going to call with the extra
24:04
digit, you will pay more because it will not know it's in the same network as yours. So, on this side, it's not so good. But if you have them on different networks,
24:20
then it will even be good. So, let's see how that worked. So, here I have 2,077 minutes
24:43
inside my whole network and 58 minutes, national minutes and international minutes. So, what I'm going to do, I'm going to call a regular 10-digit number which has been transferred in the same network as mine. So, it's the second case scenario where I
25:02
am paying more than I should. Now, I'm going to check again for my balance. And now
25:42
I have 2,076 minutes. So, one minute has gone from the national minute plan. Now, I'm going to dial the same number again but add two extra digits at the end of it.
26:01
I'm going to add one five at the end. Okay. I'm going to hang up, check again for the balance. And now, I should have 2,075 minutes, national minutes. But the national
26:29
minutes have been the same and you see it has been deducted from the 57 minutes even though this number is in the same network. So, I wasn't deducted from these minutes but
26:42
from the minutes to other networks. And what's even funnier is that on some carrier, first when I dial the number, you see it has a P at the end, which means it
27:00
has been transferred. And my call has been deducted from the 150 national minutes. The second time, I added two extra digits and this one means unknown. So, I have been deducted from the unknown plan, which means I will get to talk free for this important number even though I do not have unlimited calls. And if that doesn't work,
27:27
try with all of the digits. One carrier worked with this attack only if I had used one digit and that digit had to be number two. I have no idea why but
27:41
if I put two, then it worked. Well, after reporting this, the carriers, most of them have fixed it. So, now when I'm calling with the extra digit, I get a voice prompt back saying, you have dialed the wrong number. So, I can no longer dial myself the wrong number but how can I make the carrier dial the number instead of me? Well, it's
28:05
pretty simple. Make call forwarding for all calls and to the call forwarding destination put the wrong number. And once your call reaches that forwarded number, your carrier will successfully dial the wrong number for you. So, it will still work.
28:27
As a summary, I'd like to start with a reply I got from customer support. Our technology does not allow unauthorized access. Occurrence of errors in billing regarding data traffic
28:40
or voice is excluded because of their technology. Okay. Alien technology. Or test all of this yourself and maybe report it to your carrier. Check if your carrier allows you to disable premium rate numbers access. This way, you will at least be protected from
29:03
the SIM toolkit command attack. The carriers can filter all these SIM toolkit messages but until now, I haven't found any of them that will do this, because they could say only allow SIM toolkit messages that are coming from specific numbers and the other
29:26
ones, just drop them. Also, do not rely on the caller ID. There are still a lot of services that rely on caller ID and they consider this as a good authentication.
29:41
This is really not proper authentication. Do a proper authentication. And to show you an example of some really good authentication, I don't know why sound is not working.
30:16
I don't know if you're going to hear it. So, basically, what I'm doing now, I'm calling
30:54
the customer support of some carrier in the U.S. and I'm using Skype because it's
31:03
calling the customer support from a different network. It will ask you to authenticate by entering your number. Your number, right? So, it has some kind of protection. It has
31:38
the password I need to enter. Well, what do I have to lose? Let's enter some passwords,
31:43
random passwords. Maybe better luck next time. Maybe third time. I don't know if we
32:33
implemented this, but I love this guy. Usually, on the third failed attempt, you get kicked out, but in this case, on the third failed attempt, they let you in. How cool is that?
32:44
If I knew that previously, I wouldn't write it on so many way systems. Really. Just enter three wrong passwords and you are in. Okay. Okay. To summarize, this is the
33:04
good authentication. So, thank you very much for your attention. I hope you enjoyed all the things I showed you. If you have any questions, you can follow me on Twitter, send me an e-mail or visit my website. Thank you once again.
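As an added example that is not part of the talk or any carrier's code, the originating-number filter the speaker recommends in the summary: a defender-side check that recognises a SIM data download SMS by the PID 7F / DCS F6 values from the talk, decodes the command packet header and the SPI proof-of-receipt bits described in the SIM toolkit section, drops OTA commands that do not come from a known gateway, and flags ones that demand a proof of receipt returned as a billable SMS-SUBMIT. The UDH information element id 0x70, the allow-list number and the sample bytes are assumptions constructed for this example.

```python
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Header values the talk gives for an over-the-air SIM toolkit command SMS.
PID_SIM_DATA_DOWNLOAD = 0x7F   # TP-Protocol-Identifier: (U)SIM data download
DCS_SIM_SPECIFIC = 0xF6        # TP-Data-Coding-Scheme: 8-bit data addressed to the SIM
# Assumption: TS 23.040 reserves UDH information element 0x70 for the command packet identifier.
IEI_COMMAND_PACKET = 0x70
TRUSTED_SENDERS = ("+100000000001",)   # constructed placeholder allow-list of OTA gateway numbers


@dataclass
class CommandPacket:
    """Fields of the command packet header the talk describes (sizes in bytes)."""
    spi: int      # security parameter indicator (2)
    kic: int      # ciphering key identifier (1)
    kid: int      # integrity key identifier (1)
    tar: bytes    # toolkit application reference (3)

    @property
    def por_mode(self) -> int:
        # SPI second octet, bits b1b2: 00 = no PoR, 01 = PoR always, 10 = PoR only on error
        return self.spi & 0x03

    @property
    def por_via_sms_submit(self) -> bool:
        # SPI second octet, bit b6: 1 = PoR returned as SMS-SUBMIT (an outgoing, billable SMS)
        return bool(self.spi & 0x20)


def parse_udh(user_data: bytes) -> Tuple[List[Tuple[int, bytes]], bytes]:
    """Split TP-User-Data into its user data header elements and the remaining payload."""
    if not user_data or 1 + user_data[0] > len(user_data):
        raise ValueError("bad UDHL")
    end, elements, pos = 1 + user_data[0], [], 1      # UDHL does not count itself
    while pos < end:
        if pos + 2 > end:
            raise ValueError("truncated information element")
        iei, iedl = user_data[pos], user_data[pos + 1]
        if pos + 2 + iedl > end:
            raise ValueError("information element runs past the UDH")
        elements.append((iei, bytes(user_data[pos + 2:pos + 2 + iedl])))
        pos += 2 + iedl
    return elements, bytes(user_data[end:])


def parse_command_packet(payload: bytes) -> CommandPacket:
    """Decode CPL, CHL, SPI, KIc, KID and TAR; reject inconsistent lengths."""
    if len(payload) < 16:
        raise ValueError("payload too short for a command packet header")
    cpl, chl = int.from_bytes(payload[0:2], "big"), payload[2]
    # CPL counts every byte after itself; CHL covers SPI..PCNTR (13 bytes) plus any RC/CC/DS.
    if cpl != len(payload) - 2 or chl < 13 or 3 + chl > len(payload):
        raise ValueError("inconsistent command packet lengths")
    spi = int.from_bytes(payload[3:5], "big")
    return CommandPacket(spi, payload[5], payload[6], bytes(payload[7:10]))


def classify_ota_sms(originating: str, pid: int, dcs: int, user_data: bytes,
                     trusted_senders: Tuple[str, ...] = TRUSTED_SENDERS) -> Dict[str, object]:
    """'pass' for an ordinary SMS, 'allow' for an OTA command from a trusted gateway, else 'drop'."""
    if pid != PID_SIM_DATA_DOWNLOAD or dcs != DCS_SIM_SPECIFIC:
        return {"verdict": "pass", "reason": "not a SIM data download", "findings": []}
    try:
        elements, payload = parse_udh(user_data)
        if not any(iei == IEI_COMMAND_PACKET for iei, _ in elements):
            raise ValueError("SIM data download without a command packet IE")
        pkt = parse_command_packet(payload)
    except ValueError as exc:
        return {"verdict": "drop", "reason": f"malformed OTA SMS: {exc}", "findings": []}
    findings: List[str] = []
    if pkt.por_mode:
        findings.append("requests proof of receipt")
        if pkt.por_via_sms_submit:
            findings.append("PoR via SMS-SUBMIT, charged to the subscriber")
    if pkt.kic == 0:
        findings.append("no ciphering key indicated (KIc = 0)")
    if originating not in trusted_senders:
        return {"verdict": "drop", "reason": "OTA command from untrusted originating address", "findings": findings}
    return {"verdict": "allow", "reason": "OTA command from trusted gateway", "findings": findings}


# Constructed sample matching the talk's example: PoR always, returned by SMS-SUBMIT, KIc = 0.
SAMPLE_USER_DATA = (
    bytes([0x02, IEI_COMMAND_PACKET, 0x00])      # UDHL=2, command packet IE with no data
    + (16).to_bytes(2, "big") + bytes([13])      # CPL, CHL
    + bytes([0x00, 0x21])                        # SPI: second octet 0b0010_0001
    + bytes([0x00, 0x00])                        # KIc, KID: no keys indicated
    + bytes(3) + bytes(5) + bytes(1)             # TAR, CNTR, PCNTR (zeroed for the sample)
    + b"\xde\xad"                                # dummy secured data
)
```

Run against real traffic this would sit at the SMSC or an SMS firewall, with the allow-list populated from the carrier's own OTA gateway numbers.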