By Andy Kemshall
Originally considered a business tool, today SMS is purported to be the most widely used data application in the world, with 3.6 billion active users, or 78% of all mobile phone subscribers – although I think this might actually be grossly underestimated! So, just what is SMS being used for two decades later?
As you’d expect the majority of us are happily using SMS as it was first intended – to send simple messages to friends, family and colleagues. Anything from hello, where are you, and perhaps even birthday greetings. Proposals of marriage have been sent, as well as rather cruel ‘Dear John’ communications, jokes and witticisms with the occasional inspirational quote thrown in for good measure. We’ve even developed our own code – BTW, LOL, M8 and OMG! With many service plans now included unlimited text messages it’s hard to imagine that using SMS to keep in touch will ever go out of fashion.
Instead of just sending a message, now you can send money too by SMS with many charities happily raising huge sums of money from text contributions. The user sends a simple phrase – for example ‘donate £x’, and the sum is either taken from existing credit or added to the next bill. So popular is this trend, in 2011 Comic Relief raised over £15m through text donations alone.
Banking is another great example of where SMS is being widely adopted to challenge the traditional. While some banks will now text you a weekly bank balance, that’s just the tip of the banking SMS iceberg. Services are being introduced that allow people to withdraw cash from an ATM (automated teller machine), without even inserting their credit or debit card. This is particularly useful for people who have had their card stolen or misplaced their wallet but is even being touted as a way for parents to send money to children away from home or even abroad. The system works by sending a six-digit one time passcode (OTP) via SMS to the user’s phone, valid for three hours, which is entered at the cash point to retrieve the money.
In fact, mobile phones are becoming so integral in everyday life, that they’re even capable of confirming our identities. This could mean, one day, we’ll no longer need to sign for things. For example, two factor authentication (2FA) combines something you know, with something you own – an existing example of 2FA in action is ‘chip and pin’ for authorising credit and debit card payments. As in the previous example, we’ve already seen one way SMS is effectively replacing the need for a chip enabled card altogether. Take this a step further and it can be used to prove our identities too. For example, many banks use an OTP generator (often referred to as a ‘token’) for accessing their networks, or even to access corporate networks. To log onto the system, you enter your username (the something you know component) and then the code generated by the token (the something you own element).
Apparently, in some countries, the police use ‘silent SMS’ to track down criminals. Silent SMS, also called Flash-SMS, was originally designed to allow operators to determine if a mobile phone is switched on, and to test the network, without the user knowing. A message is sent to another mobile phone which is rejected by the recipient mobile, and leaves no trace. In return, the sender gets a message from a mobile operator confirming that the Silent SMS has been received. By identifying the three antennas closest to the mobile, then triangulating the distance according to the speed it takes for a signal to make a return trip, it is possible to pinpoint the person’s location.
On 6 December 2011, the German Interior Minister Hans-Peter Friedrich confirmed that German police and intelligence officers send about 440,000 Silent SMS a year. And they’re not alone as, in the Netherlands, the police have been using the technique since 2006.
Whether SMS will still be around in another twenty years remains to be seen – especially with email, skype and other ‘free’ communication tools being rapidly introduced and adopted. However, I’m sure Neil Papworth won’t be the only person to text ‘Merry Christmas’ to his contact lists this year.
About the author
Andrew Kemshall is the Co-founder and Technical Director of SecurEnvoy. Before setting up SecurEnvoy which specialises in tokenless 2 factor authentication, Steven was worked for RSA as one of their original technical experts in Europe, clocking up over 15 years experience in user authentication. His particular specialty is two factor authentication in the fields of architecture, design and development of next generation authentication software.
In the early 1990s Andy Kemshall made history by sending the first ever OTP via an SMS message. Today, his invention forms the foundation of SecurEnvoy’s tokenless 2FA solution – SecurAccess. SMS is the perfect alternative 2FA solution as, instead of having to carry lots of different OTP generators, every phone capable of receiving SMS messages can act as a token, with each phone capable of carrying multiple tokens – for example one for the bank, one for the corporate network.
About the company
SecurEnvoy is the trusted global leader of Tokenless® two-factor authentication. SecurEnvoy lead the way as pioneers of mobile phone based Tokenless® authentication. Their innovative approach to the
Tokenless® market now sees thousands of users benefitting from their solutions all over the world. With users deployed across five continents, their customers benefit from significant reduced time to deploy and a zero footprint approach means there is no remote software deployment and administrators enjoy the management tools allowing them to rapidly deploy up to 20,000 users per hour.