Worse, GSM encryption is pretty broken, people could be listening in, etc. Phoning people is still sensible in that attackers have to be close to the target, though (or get a wiretap).
Surprisingly not, mostly due to some very strange bits of the GSM protocol.
Basically, as long as you have enough signal such that the victims handset can hear your commands, you can tell it that you are stronger then any other signal, and the handset will instantly switch to your cell.
What's worse is that there exist secure GSM encryption/etc. standards, however as the cell tower chooses what encryption to use, it is mostly pointless. (I remember watching a video about this. Apparently your phone is meant to show a massive warning if they are using unencrypted GSM. None do).
There is a lot wrong with GSM, and I didn't even know about this particular attack (thanks!), but you still have to be reasonably close to the victim - it's harder than "attack from anywhere on the internet".
Most certainly agree. Unfortunately, dropping the range limit from "Anywhere on earth" to "From a nearby mountain" doesn't fill me with all that much confidence.
That pretty much covers it. We telephone them in house on their extension number and there's only 60-ish employees so we know their voices. Externally they have to call back.
In enabling my Gmail account to use 2 factor authentication, Google required me to hand over my text-enabled cell phone number, and they texted me a code which I was required to input in a form. Similar to having the client call you back, but this can be automated.
What if they are traveling? How do you verify the other person on the phone is who they say they are?