Two-factor authentication

SMS gateway from home - 2FA for online payment transactions: It's that easy!

Old phone, exhausted - before the implementation of an SMS gateway

But first things first: before Covid-19, when our entire team was still working onsite in the office, we used a Samsung S5 smartphone.

2FA with SMS-TAN in the Slack Channel: Image of a Raspberry Pi configured as an SMS gateway with a switch on the left, a USB stick at the bottom and a red and a blue cable on the right.

The beginnings of SMS TAN for 2FA with IFTTT

The issuing bank sent one SMS TAN at a time to this device. All developers involved in and responsible for the payment process could conveniently read the TANs from the smartphone and test the payment process in production.

Smartphone reaches its limits

The Samsung S5 was plugged in and charging, so reading the SMS TAN was a bit of a hassle. We therefore installed the IFTTT app on the S5 and redirected the SMS messages to a channel in the communication software Slack, to which the developers had access.

After the outbreak of the pandemic, it helped the team in the home office a lot to receive the SMS messages via the Slack channel - because everyone concerned had access to it.
Then, all of a sudden, no more SMS messages reached us on the Slack channel. Only a restart of the app brought relief: we traced this back to the Android version, for which there were no more updates.

Our idea - an SMS gateway

"We had to find another solution to ensure delivery of the SMS messages with the TANs to the team. Finally, we wanted to become independent of IFTTT and a smartphone that had to be constantly checked."

André Laugks, Technical Director at denkwerk

First, we evaluated several SMS gateway providers that offer interesting features, such as creating a virtual mobile number for the bank, forwarding to one or more additional smartphones, or providing an API. However, SMS gateway providers are aimed more at businesses that communicate with their customers and send them information via SMS.

In addition, we didn't want to change the mobile number at the bank again, and we weren't convinced by the monthly costs.

We came to the conclusion: let's implement our own SMS gateway! The functionality we needed was manageable: accept SMS messages and forward them internally.

We initially sent the SMS messages to the Slack channel again, but then switched to a mini-application built with the Symfony and Bootstrap frameworks for this purpose. This application provides a RESTful endpoint (API) that the Raspberry Pi uses to route the SMS messages to the application. Our SMS gateway was finished!

Technical implementation of the SMS gateway - the requirements:

    • Raspberry Pi 4

    • Huawei E173 UMTS Stick

    • SIM card

    • Raspbian GNU/Linux 10 (Buster)

    • Gammu (v1.40.0) and Gammu-smsd (v1.40.0)

    • picocom v3.1

    • modeswitch v2.5.2

Make sure that the Raspberry Pi runs a fresh, updated installation of Raspbian OS 10 (Buster) from an SD card.

The complete instructions and configuration are available in the GitHub repository.
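
The forwarding step described above, from the Raspberry Pi to the application's REST endpoint, can be implemented as a Gammu-smsd RunOnReceive script. The following Python handler is an added example, not code from the article or its GitHub repository; the endpoint URL, the GATEWAY_* variables, the X-Signature header and the sender allowlist are assumptions, while SMS_MESSAGES, SMS_<n>_NUMBER and SMS_<n>_TEXT are the variables gammu-smsd exports to the script.

```python
#!/usr/bin/env python3
"""RunOnReceive handler for gammu-smsd: forward received SMS to an internal endpoint."""
import hashlib
import hmac
import json
import os
import sys
import urllib.request

# Assumptions (not from the article): endpoint URL, GATEWAY_* names, header name.
ENDPOINT = os.environ.get("GATEWAY_URL", "https://sms-app.example.internal/api/sms")
SECRET = os.environ.get("GATEWAY_SECRET", "").encode()
ALLOWED = {s for s in os.environ.get("GATEWAY_SENDERS", "").split(",") if s}

def collect_messages(env):
    """Read the SMS_<n>_NUMBER / SMS_<n>_TEXT variables gammu-smsd exports."""
    try:
        count = int(env.get("SMS_MESSAGES", "0"))
    except ValueError:
        return []
    msgs = []
    for i in range(1, count + 1):
        number, text = env.get(f"SMS_{i}_NUMBER"), env.get(f"SMS_{i}_TEXT")
        if number and text is not None:
            msgs.append({"sender": number, "text": text})
    return msgs

def filter_senders(msgs, allowed):
    """Keep only SMS from allowlisted senders; an empty allowlist forwards nothing."""
    return [m for m in msgs if m["sender"] in allowed]

def build_request(msgs, secret, url):
    """Serialize deterministically and sign the body with HMAC-SHA256."""
    body = json.dumps({"messages": msgs}, sort_keys=True, separators=(",", ":")).encode()
    sig = hmac.new(secret, body, hashlib.sha256).hexdigest()
    headers = {"Content-Type": "application/json", "X-Signature": sig}
    return urllib.request.Request(url, data=body, headers=headers, method="POST")

def main():
    if not SECRET:
        sys.exit("GATEWAY_SECRET not set; refusing to send unsigned TANs")
    msgs = filter_senders(collect_messages(os.environ), ALLOWED)
    if msgs:  # never print the SMS text: the smsd log would then contain TANs
        with urllib.request.urlopen(build_request(msgs, SECRET, ENDPOINT), timeout=10) as r:
            print(f"forwarded {len(msgs)} SMS, HTTP {r.status}")

if __name__ == "__main__":
    main()
```

The receiving application would recompute the HMAC over the raw request body with the same shared secret and reject any request whose signature does not match.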