NIST Declares Two-Factor Authentication Using SMS Texts Insecure

 
 
By eWEEK Staff  |  Posted 2016-07-28 Print this article Print
 
 
 
 
 
 
 

DAILY VIDEO: NIST says SMS-based two-factor authentication isn't secure; the UK approves Amazon's plan to run delivery drone tests banned in the U.S.; IBM bolsters its all-flash storage lineup with DeepFlash 150; and there's more.

 
Cisco Extends Network Security Portfolio With Firepower 2100 Series

DAILY VIDEO: Cisco provides more firepower to security portfolio; Google to allow independent audit...

Harris Poll Shows Samsung Reputation Hurt by Note7 Smartphone Recall

DAILY VIDEO: Samsung's reputation hurt in latest Harris poll after Note7 debacle; Kubernetes...

New LG G6 Smartphone to Feature Side-by-Side FullVision Display

DAILY VIDEO: LG G6 smartphone getting side-by-side FullVision display; Azure SQL database threat...

Verizon, Yahoo Agree to Reduce Buyout Price to $4.55 Billion

DAILY VIDEO: Verizon negotiates down to $4.55B for Yahoo transaction; Congressional staffers see...

Google Tells RSA Show Audience How it Secures a Billion Android Users

DAILY VIDEO: How Google secures over a billion Android users; Amazon moves into teleconferencing...

Oracle Appeals Ruling in Java Infringement Dispute With Google

DAILY VIDEO: Oracle revives Java copyright infringement dispute with Google; Apple to Mark Smartphone...

Trump Administration Holds Back Executive Order on Cyber-Security

DAILY VIDEO: White House withholds cyber-security order for further revision; Cortana to help Windows...

Kaspersky Finds New Malware Designed to Hide in Memory, Steal Data

DAILY VIDEO: Kaspersky discovers new malware designed to stealthily steal data; Microsoft to shield...

U.S. Court Orders Google to Turn Over Data Stored on Overseas Servers

DAILY VIDEO: Federal court says Google must turn over data in foreign servers; Cisco report: mobile...

Leak of Windows 10 Cloud Suggests Microsoft Readying Chrome OS Fighter

DAILY VIDEO: Windows 10 Cloud leak points to potential Chrome OS fighter; TiVo's analytics pinpoint...



Read more about the stories in today's news:

 
 
 

Today's topics include a government agency's report that two-factor authentication via SMS is insecure, the United Kingdom's decision to allow Amazon to test its drone delivery service, the newest addition to IBM's all-flash storage offerings and Edward Snowden's idea for a mobile phone case that guards against electronic snooping.

While Google has encouraged users to enable two-step authentication within Google Apps, to add "an extra layer of security," the U.S. National Institute of Standards and Technology updated it Digital Authentication Guidelines July 27 and now reports that two-factor verification over SMS isn't secure and should be banned.

The institute wrote, “If the out-of-band verification is to be made using an SMS message on a public mobile telephone network, the verifier SHALL verify that the pre-registered telephone number being used is actually associated with a mobile network and not with a VOIP (or other software-based) service.

"It then sends the SMS message to the pre-registered telephone number. Changing the pre-registered telephone number SHALL NOT be possible without two-factor authentication at the time of the change."

NIST does approve, however, of authentication via multi-factor one-time passwords, where the second authentication factor is biometric, like a fingerprint, or input with an entry pad or interface such as through a USB port.

Amazon and British aviation authorities have reached agreement on a series of tests of drones designed to deliver packages to customers.

The new drone tests will include operations beyond the line of sight of the operator, which currently is prohibited in the United States. Other tests will include sensor performance to test whether the drones can see and avoid obstacles, and tests on how well one operator can control multiple drones.

Amazon plans to try out a number of different drone designs and delivery mechanisms, said Kristen Kish, an Amazon spokesperson. However, she wasn't willing to go into too many details about the company's research.

A year and a half ago, IBM announced its commitment to developing its own NAND flash storage lineup by investing a full $1 billion into research and development for this storage technology.

The results of that initiative continue to emanate from Armonk, N.Y., and they will for a while to come. Big Blue on July 26 unveiled its latest all-flash array, the DeepFlash 150, designed to process big data workloads in a cost-effective manner. With the DeepFlash 150, IBM now offers a flash array portfolio that covers almost all types of workloads.

Edward Snowden, the fugitive former National Security Agency contractor who is wanted in the U.S. for leaking classified U.S. government information about the agency's operations and capabilities in 2013, is now at work designing a special iPhone 6 case that aims to prevent data interception by snoopers, such as governments' spy agencies.

Snowden, along with colleague Andrew "bunnie" Huang, recently unveiled – by teleconference - the special case concept at a one-day "Forbidden Research" conference at the Massachusetts Institute of Technology's Media Lab.

Snowden proposes the special case to help protect high-profile journalists from being spied upon by foreign governments as they cover stories, the story reported.

The special case is essentially a protective hardware device that would wrap around an iPhone and "alert a person whenever that handset leaked location data.”

 
 
 

Submit a Comment

Loading Comments...
 
Manage your Newsletters: Login   Register My Newsletters























 
 
 
 
 
 
 
 
 
 
 
Rocket Fuel