
SMS tokens are vulnerable to interception, experts warn

SMS tokens used to validate payments could be targeted by criminals as they open up more vulnerabilities in the mobile channel, RSA has warned

Attacks on mobile phones will increase this year as criminals attempt to intercept SMS-based authentication tokens, according to security company RSA.

The tokens are designed to complement username and password log-in checks by requiring users to validate payments with unique numerical codes, in this instance sent by SMS. The Commonwealth Bank of Australia claims to have 80 percent of its customer base using tokens to validate third-party payments via SMS or through safer handheld token number generators.

However, RSA has said in a 2011 predictions report that sending tokens via SMS will make phones a target. "The use of out-of-band authentication SMS... as an additional layer of security adds to the vulnerabilities in the mobile channel," the company said in its report. "A criminal can... conduct a telephony denial-of-service attack which essentially renders a consumer's mobile device unavailable."

For more on this ZDNet UK-selected story, see SMS bank tokens vulnerable: RSA on ZDNet Australia.

