NIST Declares Two-Factor Authentication Using SMS Texts Insecure

Today's topics include a government agency's report that two-factor authentication via SMS is insecure, the United Kingdom's decision to allow Amazon to test its drone delivery service, the newest addition to IBM's all-flash storage offerings and Edward Snowden's idea for a mobile phone case that guards against electronic snooping.

While Google has encouraged users to enable two-step authentication within Google Apps, to add "an extra layer of security," the U.S. National Institute of Standards and Technology updated it Digital Authentication Guidelines July 27 and now reports that two-factor verification over SMS isn't secure and should be banned.

The institute wrote, “If the out-of-band verification is to be made using an SMS message on a public mobile telephone network, the verifier SHALL verify that the pre-registered telephone number being used is actually associated with a mobile network and not with a VOIP (or other software-based) service.

"It then sends the SMS message to the pre-registered telephone number. Changing the pre-registered telephone number SHALL NOT be possible without two-factor authentication at the time of the change."

NIST does approve, however, of authentication via multi-factor one-time passwords, where the second authentication factor is biometric, like a fingerprint, or input with an entry pad or interface such as through a USB port.

Amazon and British aviation authorities have reached agreement on a series of tests of drones designed to deliver packages to customers.

The new drone tests will include operations beyond the line of sight of the operator, which currently is prohibited in the United States. Other tests will include sensor performance to test whether the drones can see and avoid obstacles, and tests on how well one operator can control multiple drones.

Amazon plans to try out a number of different drone designs and delivery mechanisms, said Kristen Kish, an Amazon spokesperson. However, she wasn't willing to go into too many details about the company's research.

A year and a half ago, IBM announced its commitment to developing its own NAND flash storage lineup by investing a full $1 billion into research and development for this storage technology.

The results of that initiative continue to emanate from Armonk, N.Y., and they will for a while to come. Big Blue on July 26 unveiled its latest all-flash array, the DeepFlash 150, designed to process big data workloads in a cost-effective manner. With the DeepFlash 150, IBM now offers a flash array portfolio that covers almost all types of workloads.

Edward Snowden, the fugitive former National Security Agency contractor who is wanted in the U.S. for leaking classified U.S. government information about the agency's operations and capabilities in 2013, is now at work designing a special iPhone 6 case that aims to prevent data interception by snoopers, such as governments' spy agencies.

Snowden, along with colleague Andrew "bunnie" Huang, recently unveiled – by teleconference - the special case concept at a one-day "Forbidden Research" conference at the Massachusetts Institute of Technology's Media Lab.

Snowden proposes the special case to help protect high-profile journalists from being spied upon by foreign governments as they cover stories, the story reported.

The special case is essentially a protective hardware device that would wrap around an iPhone and "alert a person whenever that handset leaked location data.”

Top White Papers and Webcasts