Security of SMS Must Become A Priority

Posted Aug 2018

The ubiquity of text messaging is really quite remarkable. Today, and all over the world, the text message is used by thousands of businesses to confirm deliveries, manage appointments and authenticate log-ins.

Sending a text message with a code to authorise a log-in is used by companies as new wave as Google, and as established as the UK’s Customs and Revenue organisation. Increasingly, text messages are used by banks.

In the last month, some UK banks began writing to customers to advise that the Verified by Visa scheme they had been using for online banking and payments was about to change. Instead of needing to remember some elements of their password to enter into the on-screen dialogue box, customers would now receive a one-time passcode by text to enter into the system.

The first stage of this process has begun with banks reaching out to their customers to check that they had the right mobile phone contact details. One thing is clear from all this activity and that is that banks, businesses, government bodies and countless other enterprises like the ease of use of the text message as a communications and confirmation tool – what’s perhaps even more important is that consumers like it as well.

This is not a market that any of its users wish to see end anytime soon. All the more important therefore that the mobile community takes the right actions to ensure its security. This is a trusted communications tool, that actually has not done quite enough yet to deserve that trust.

The security weakness in the SS7 signalling system and the interconnect used by telcos and businesses to send and receive text messages means this authentication system is open to abuse. We saw evidence of this last year in Germany when authentication text messages from a bank where intercepted by hackers and consumer bank accounts raided in an overnight fraud attack.

It has become imperative for signalling firewalls to be put in place on every network to prevent fraudulent attacks and protect the authentication system. Failure to do so will see consumers lose trust in SMS, and enterprises turn to other methods of authentication. Nobody involved in this chain wants that to happen – not the consumers, not the businesses, and not the operators.

Currently, only around 10 per cent of mobile networks have the right protection in place. Here at Evolved Intelligence we are busy rolling out our signalling firewall across the entire estate of Europe’s biggest mobile operators – extending that coverage and protection to almost 300 million consumers. It is a good start. But there is lot of work still to be done and a lot of business still at risk.