This idea came up when I saw a guy on the train today, carrying a cardboard box with a number written on it.
I stared at the box, and it took a short while before I realised the number was a phone number. I wondered why that was, and then it occurred to me that maybe the guy carrying the box was the recipient of the box. Maybe the phone number on the box was used to call him up to say his parcel was waiting for him...
And then I realised that the number could also have been used to authenticate him when he showed up to collect his parcel. Suppose a caretaker is responsible for handing over parcels to the rightful recipient. All the caretaker knows is the mobile phone number of the recipient. The caretaker also has a phone, whose number is secret. If a recipient shows up to claim a parcel, the caretaker simply asks him to show his mobile phone. Next, the caretaker dials the phone number written on the parcel. If the call is displayed on the mobile phone held in the hands of the recipient (with the number of the caretaker clearly shown in the display), this proves the rightful person showed up to collect the parcel.
Of course this is very similar to the use of SMS to send one-time passwords or transaction codes to people signing in to websites, or doing electronic banking. But this protocol doesn't cost you anything (if the recipient does not pick up his phone). Moreover, this protocol allows you to ask someone else to collect the parcel... Simply forward all your incoming calls to his mobile...
- Alice orders $0.50 product from Cheap’R’Us online store of Eve
- Eve orders $5.000 product from Value’R’Us, gives Alice’s number
- Alice goes to Cheap’R’Us store, asks for parcel
- Eve1 calls Eve2
- Eve2 goes to Value’R’Us store of Bob, asks for parcel
- Bob calls Alice on her phone
- Eve1 looks at Alice’s display and sends the secret number to Eve2’s fake phone
- Bob gives Eve2 a parcel (value $5.000)
- Eve1 gives Alice a parcel (value $0.50)
Nice. But isn’t a MitM possible?
Yes, but this assumes you can spoof CLI (calling line identification) so that Eve1 can call Eve2 pretending that the call comes from Bob’s phone.
If that is possible (and I know it is in current systems) then an easier attack (that doesn’t need you to set up a front-shop) is to order a cheap product at Bob’s Value’R’Us store, record Bob’s phone number when you pick it up, wait until someone orders something expensive at Bob’s store, show up at Bob’s, and when Bob calls the victim, let someone else call you using Bob’s recorded phone number.
If only CLI was secure…. ;-)
I was thinking Eve2 (collaborating with Eve1) could use a device that looks like an authentic cell phone (to Bob), but isn’t. The device needs to be able to make a ringing noise and it needs to be able to display a number.
Not sure how to solve it (under the assumption CLI is secure):
- Make Alice aware by showing transaction details (no longer a ‘free’ call then)
- Make Bob check authenticity of device (customers can only use tamper resistant iPhones)
- Some sort of distance bounding protocol (Bob could detect that it takes longer than usual between dialing Alice’s number and Eve2’s device ringing?)
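The distance-bounding idea in the last comment, sketched as an added example (not code from the post or its commenters): Bob compares the dial-to-ring delay of a pickup against delays from earlier pickups he trusts. The baseline values, the function names and the factor `k` are assumptions made for illustration.

```python
import statistics

# Constructed sample: seconds between Bob dialing and the customer's phone
# ringing, recorded on earlier pickups Bob trusts (hypothetical values).
BASELINE_RING_DELAYS = [4.1, 3.8, 4.4, 4.0, 4.3, 3.9, 4.2, 4.6, 4.0, 4.1]


def ring_delay_threshold(baseline, k=4.0):
    """Upper bound on a plausible delay: median + k * scaled MAD."""
    med = statistics.median(baseline)
    mad = statistics.median(abs(x - med) for x in baseline)
    # 1.4826 scales the MAD to a standard deviation for normal data; the
    # floor keeps a very tight baseline from giving a zero-width band.
    spread = max(1.4826 * mad, 0.05)
    return med + k * spread


def check_pickup(dialed_at, rang_at, baseline=BASELINE_RING_DELAYS, k=4.0):
    """Return (accepted, delay, threshold) for one pickup attempt.

    dialed_at / rang_at are timestamps in seconds taken by Bob: when he
    pressed dial and when the phone shown to him started ringing.
    """
    threshold = ring_delay_threshold(baseline, k)
    delay = rang_at - dialed_at
    if delay < 0:
        # The phone rang before Bob dialed, so his call did not cause it.
        return (False, delay, threshold)
    return (delay <= threshold, delay, threshold)


if __name__ == "__main__":
    # Constructed cases: a direct call, a relay adding 1.5 s (human reads the
    # display and forwards it), and a relay adding only 0.3 s.
    for label, rang_at in [("direct", 4.2), ("slow relay", 5.7),
                           ("fast relay", 4.5)]:
        ok, delay, thr = check_pickup(0.0, rang_at)
        print(f"{label}: delay={delay:.2f}s threshold={thr:.2f}s accepted={ok}")
```

The last case is the caveat: a relay that adds less delay than the network's own jitter stays inside the band, so timing alone only bounds how slow a relay may be.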