Just to follow up on some interesting stuff on James Seng’s blog on spoofing and phishing attacks.
Take a look at this article on how Netscape 8 includes anti-phishing techniques. Notably, there’s a “traffic light” icon to say whether a site is known to be kosher, a fraud, or unclassified.
A weakness of cell phones is that they lack a second user interface channel through which to express trust. Although there’s normally a “reserved area” of the screen for the signal strength, battery, etc., this may be imitated by Java or Symbian apps that take over the whole screen. It’s a weak security mechanism. Anyone can draw a convincing padlock. Various types of clever mutual-authentication systems exist, but require user education and mass adoption. Ultimately, metadata on trust is best sent via a different channel than the message whose authenticity may be in doubt.
So why not create a second communication channel on the phone to convey trust information? My favourite approach is to re-invent the logo. Every phone comes with a printed manufacturer or operator logo. This should be an LED, multi-coloured if necessary. It’s the equivalent of Netscape’s traffic light, and is a powerful associator of the trust message with the network or handset vendor’s brand. (Of course, a true end-to-end fanatic would want anyone on the net to be able to be the trust provider.) It’s not enough on its own to combat spoofing, but a winking red LED could do a lot to tell you this isn’t really your bank asking you for your PIN.
A problem of *inter*networking is that trust isn’t transitive; you’ll never rid the Internet of spoofed packets and misrepresented identity. The natural defence of the integrated monopoly network provider is to appeal to safety and security; it’s the Achilles heel of the Internet. Implausible promises of making the Net safer are likely to feature heavily in the plans of big telcos currying political favours.
Posted by Martin Geddes at 10:59 AM