It is absolutely insane that that is not the case everywhere else.
This is such an obvious attack vector out there in the open that it even undermines other basic security practices.
Here we are in 2022 and a trivial spoof like this is still totally open. Even email doesn’t have this problem anymore with the advent of better anti spam services.
Sender ID probably predates SMS verification by a decade, if not more. So who is ‘insane’ here, the operators that allow alphanumeric sender ID, or the engineers who designed a second factor based on assumptions that only hold inside the US?
I don’t understand what you mean in the second part of your question. But setting the sender Id, even if only numerical like it was a couple of decades ago, was always meant to be a technology actively and highly moderated by operators.
It was never the case that anyone with a phone could easily spoof a number. And you couldn’t just put any number there.
Of course, if the call comes from abroad, then it falls outside the realm of the operator enforcement, but that is what country codes are for.
That one can get a message with the exact name of a known bank fromnhard tontraxk sender’s so easily, it’s absolutely a case of a poor set up.
Countries should enforce registration and verification procedures to use the ID. As it is, people are unprotected.
The is exactly why alphanumeric senders are not allowed in USA and Canada
It is absolutely insane that that is not the case everywhere else. This is such an obvious attack vector out there in the open that it even undermines other basic security practices.
Here we are in 2022 and a trivial spoof like this is still totally open. Even email doesn’t have this problem anymore with the advent of better anti spam services.
Sender ID probably predates SMS verification by a decade, if not more. So who is ‘insane’ here, the operators that allow alphanumeric sender ID, or the engineers who designed a second factor based on assumptions that only hold inside the US?
I don’t understand what you mean in the second part of your question. But setting the sender Id, even if only numerical like it was a couple of decades ago, was always meant to be a technology actively and highly moderated by operators.
It was never the case that anyone with a phone could easily spoof a number. And you couldn’t just put any number there. Of course, if the call comes from abroad, then it falls outside the realm of the operator enforcement, but that is what country codes are for.
That one can get a message with the exact name of a known bank fromnhard tontraxk sender’s so easily, it’s absolutely a case of a poor set up.
Countries should enforce registration and verification procedures to use the ID. As it is, people are unprotected.