Is 2FA using SMS Secure?

In case you were still in doubt after this SIM port horror story from back in May:

  • We examined the authentication procedures used by five prepaid wireless carriers when a customer attempts to change their SIM card, or SIM swap.
  • We found that all five carriers use insecure authentication challenges that can easily be subverted by attackers.
  • We reverse-engineered the authentication policies of over 140 websites that offer SMS-based authentication, and rated the vulnerability level of users of each website to a SIM swap attack.
  • We found 17 websites on which user accounts can be compromised based on a SIM swap alone.

Is SMS 2FA Secure? →

🔐 Do note that 2FA using an Authenticator App/Device – I use Google Authenticator – to get a TOTP still is secure. The problem with SMS is the carriers that swap your phone number to another SIM without properly verifying things.

Keystroke Recognition Using WiFi Signals

WiKey

We’re all doomed:

In this paper, we propose a WiFi signal based keystroke recognition system called WiKey. WiKey consists of two Commercial Off-The-Shelf (COTS) WiFi devices, a sender (such as a router) and a receiver (such as a laptop). The sender continuously emits signals and the receiver continuously receives signals. When a human subject types on a keyboard, WiKey recognizes the typed keys based on how the CSI values at the WiFi signal receiver end.

Obviously that must not be accurate at all, right? Erm, wrong:

WiKey achieves more than 97.5% detection rate for detecting the keystroke and 96.4% recognition accuracy for classifying single keys. In real-world experiments, WiKey can recognize keystrokes in a continuously typed sentence with an accuracy of 93.5%.

Keystroke Recognition Using WiFi Signals (Paper) →

Introducing Paper

Paper takes the standard Facebook News Feed and recreates it as an immersive, horizontally scrolling set of screens. It also provides a new way to post to Facebook (and Paper) with an elegant WYSIWYG editor that borrows the styling of Medium’s and Svbtle’s blogging systems. Finally, yes, it’s a news-reading app that owes some of its looks to Flipboard. It will be available for the iPhone in the US (and only the iPhone in the US) on February 3rd. It’s also ad-free, at least for now.

Hoping it won’t take too long before us Europeans get this.

Introducing Paper →


Paper: Selecting good still frames from a video

In this paper, we train a computer to select still frames from video that work well as candid portraits. Because of the subjective nature of this task, we conduct a human subjects study to collect ratings of video frames across multiple videos. Then, we compute a number of features and train a model to predict the average rating of a video frame.

Pretty neat results!

Download the paper →
Candid Portrait Selection From Video →