NIST Declares Two-Factor Authentication Using SMS Texts Insecure

 
 
By eWEEK Staff  |  Posted 2016-07-28 Print this article Print
 
 
 
 
 
 
 

DAILY VIDEO: NIST says SMS-based two-factor authentication isn't secure; the UK approves Amazon's plan to run delivery drone tests banned in the U.S.; IBM bolsters its all-flash storage lineup with DeepFlash 150; and there's more.

 
Windows 10 Creators Updates Includes New Security Features

DAILY VIDEO: Microsoft bolsters security features in windows 10 creators update; Dynamics 365...

AT&T 5G Wireless Trial Handles Streaming 4K HD Video, Camera Feeds

DAILY VIDEO: AT&T's first 5G business trial handles new high speed mobile apps; SCOTUS trims...

Amazon Shows Off Grocery Store Without Checkout Counters

DAILY VIDEO: Amazon unveils no-checkout POS system for early 2017; Google patches Android for 74...

Avalanche Botnet Shut Down by International Law Enforcement Action

DAILY VIDEO: Avalanche botnet disabled by law enforcement; Google launches continuous testing service...

More than 1 Million Android Devices Infected by 'Gooligan' Trojan

DAILY VIDEO: 'Gooligans' malware infects more than 1.3 million Android devices; Firefox patched for...

Azure Cloud Flaw Posed Hacking Risk to RHEL Virtual Machines

DAILY VIDEO: Microsoft Azure flaw posed RHEL hacking risk; Google explores use of machine learning to...

Microsoft Readying New Smartphone Models for Late 2017, Reports Say

DAILY VIDEO: Microsoft readying new mobile device push in 2017, reports say; Cisco extends security...

San Francisco Transit Agency Gets Back Online After Ransomware Attack

DAILY VIDEO: Cyber-attack knocks out San Francisco transit system fare terminals; Cisco extends...

Recount in Wisconsin Unlikely to Reveal Vote System Fraud, Hacking

DAILY VIDEO: Election recount unlikely to reveal evidence of vote system hacking; Mimecast brings...

Microsoft Sets Sights on Building Practical Quantum Computer

DAILY VIDEO: Microsoft Starts Quantum Computer Development Program; Cerber Ransomware Expands...



Read more about the stories in today's news:

 
 
 

Today's topics include a government agency's report that two-factor authentication via SMS is insecure, the United Kingdom's decision to allow Amazon to test its drone delivery service, the newest addition to IBM's all-flash storage offerings and Edward Snowden's idea for a mobile phone case that guards against electronic snooping.

While Google has encouraged users to enable two-step authentication within Google Apps, to add "an extra layer of security," the U.S. National Institute of Standards and Technology updated it Digital Authentication Guidelines July 27 and now reports that two-factor verification over SMS isn't secure and should be banned.

The institute wrote, “If the out-of-band verification is to be made using an SMS message on a public mobile telephone network, the verifier SHALL verify that the pre-registered telephone number being used is actually associated with a mobile network and not with a VOIP (or other software-based) service.

"It then sends the SMS message to the pre-registered telephone number. Changing the pre-registered telephone number SHALL NOT be possible without two-factor authentication at the time of the change."

NIST does approve, however, of authentication via multi-factor one-time passwords, where the second authentication factor is biometric, like a fingerprint, or input with an entry pad or interface such as through a USB port.

Amazon and British aviation authorities have reached agreement on a series of tests of drones designed to deliver packages to customers.

The new drone tests will include operations beyond the line of sight of the operator, which currently is prohibited in the United States. Other tests will include sensor performance to test whether the drones can see and avoid obstacles, and tests on how well one operator can control multiple drones.

Amazon plans to try out a number of different drone designs and delivery mechanisms, said Kristen Kish, an Amazon spokesperson. However, she wasn't willing to go into too many details about the company's research.

A year and a half ago, IBM announced its commitment to developing its own NAND flash storage lineup by investing a full $1 billion into research and development for this storage technology.

The results of that initiative continue to emanate from Armonk, N.Y., and they will for a while to come. Big Blue on July 26 unveiled its latest all-flash array, the DeepFlash 150, designed to process big data workloads in a cost-effective manner. With the DeepFlash 150, IBM now offers a flash array portfolio that covers almost all types of workloads.

Edward Snowden, the fugitive former National Security Agency contractor who is wanted in the U.S. for leaking classified U.S. government information about the agency's operations and capabilities in 2013, is now at work designing a special iPhone 6 case that aims to prevent data interception by snoopers, such as governments' spy agencies.

Snowden, along with colleague Andrew "bunnie" Huang, recently unveiled – by teleconference - the special case concept at a one-day "Forbidden Research" conference at the Massachusetts Institute of Technology's Media Lab.

Snowden proposes the special case to help protect high-profile journalists from being spied upon by foreign governments as they cover stories, the story reported.

The special case is essentially a protective hardware device that would wrap around an iPhone and "alert a person whenever that handset leaked location data.”

 
 
 

Submit a Comment

Loading Comments...
 
Manage your Newsletters: Login   Register My Newsletters























 
 
 
 
 
 
 
 
 
 
 
Rocket Fuel