SMS spoofing

Last updated

SMS spoofing is a technology which uses the short message service (SMS), available on most mobile phones and personal digital assistants, to set who the message appears to come from by replacing the originating mobile number (Sender ID) with alphanumeric text. Spoofing has both legitimate uses (setting the company name from which the message is being sent, setting your own mobile number, or a product name) and illegitimate uses (such as impersonating another person, company, product). This can also send "mysterious" messages that look like they are from legitimate numbers or contacts.

Contents

How SMS spoofing is carried out

SMS Spoofing occurs when a sender manipulates address information. Often it is done in order to impersonate a user that has roamed onto a foreign network and is submitting messages to the home network. Frequently, these messages are addressed to destinations outside the home network – with the home SMSC essentially being “hijacked” to send messages into other networks. In advanced cases they can even hijack existing contacts in a phone. In other words, the hijacker's message can appear to be coming from any number.

The impact of this activity is threefold:

  1. The home network can incur termination charges caused by the delivery of these messages to interconnect partners.
  2. These messages can be of concern to interconnect partners. Their customers may complain about being spammed, or the content of the messages may be politically sensitive. Interconnect partners may threaten to cut off the home network unless a remedy is implemented. Home subscribers will be unable to send messages into these networks.
  3. While fraudsters normally used spoofed-identities to send messages, there is a risk that these identities may match those of real home subscribers. The risk therefore emerges, that genuine subscribers may be billed for roaming messages they did not send. If this situation occurs, the integrity of the home operator’s billing process may be compromised, with potentially huge impact on the brand.

The legitimate use cases for SMS spoofing include:

  1. A sender transmits an SMS message from an online computer network for lower more competitive pricing, and for the ease of data entry from a full size console. They must spoof their own number in order to properly identify themselves.
  2. A sender does not have a mobile phone, and they need to send an SMS from a number that they have provided the receiver in advance as a means to activate an account.
  3. A sender adopts the default network gateway identifier provided by an online service, in order to send an anonymous sms, rather than specifying a number of their own choosing.
  4. A third party sends a message to a virtual number, which then forwards (resends) the message to one or more recipients in such a way that the true originator address (rather than the virtual number) appears as the sender ID and the recipient(s) can reply, call, sort, save, or otherwise process the message in the expected way.

An SMS Spoofing attack is often first detected by an increase in the number of SMS errors encountered during a bill-run. These errors are caused by the spoofed subscriber identities. Operators can respond by blocking different source addresses in their Gateway-MSCs, but fraudsters can change addresses easily to by-pass these measures. If fraudsters move to using source addresses at a major interconnect partner, it may become unfeasible to block these addresses, due to the potential impact on normal interconnect services.

Legality

In 2007, the UK premium rate regulator, PhonepayPlus (formerly ICSTIS) concluded a public consultation on anonymous SMS, in which they stated they were not averse to the operation of such services. However, in 2008 PhonePayPlus introduced new regulation covering anonymous SMS, requiring anonymous SMS service providers to send a follow-up message to the recipient stating that a spoofed SMS has been sent to them, and operate a complaints helpline.

Protecting users from SMS spoofing

If a user can prove that their SMS sessions have been spoofed, they should contact both law enforcement and their cellular provider, who should be able to track where the SMS messages were actually sent from. A user may also modify the phone's settings so that only messages from authorized numbers are allowed. This is not always effective since hackers could be impersonating the user's friends as well.

Related Research Articles

<span class="mw-page-title-main">SMS</span> Text messaging service component

Short Message/Messaging Service, commonly abbreviated as SMS, is a text messaging service component of most telephone, Internet and mobile device systems. It uses standardized communication protocols that let mobile devices exchange short text messages. An intermediary service can facilitate a text-to-voice conversion to be sent to landlines.

<span class="mw-page-title-main">IP address spoofing</span> Creating IP packets using a false IP address

In computer networking, IP address spoofing or IP spoofing is the creation of Internet Protocol (IP) packets with a false source IP address, for the purpose of impersonating another computing system.

<span class="mw-page-title-main">Roaming</span> Wireless telecommunication term

Roaming is a wireless telecommunication term typically used with mobile devices, such as mobile phones. It refers to a mobile phone being used outside the range of its native network and connecting to another available cell network.

Multimedia Messaging Service (MMS) is a standard way to send messages that include multimedia content to and from a mobile phone over a cellular network. Users and providers may refer to such a message as a PXT, a picture message, or a multimedia message. The MMS standard extends the core SMS capability, allowing the exchange of text messages greater than 160 characters in length. Unlike text-only SMS, MMS can deliver a variety of media, including up to forty seconds of video, one image, a slideshow of multiple images, or audio.

<span class="mw-page-title-main">Text messaging</span> Act of typing and sending a brief, digital message

Text messaging, or texting, is the act of composing and sending electronic messages, typically consisting of alphabetic and numeric characters, between two or more users of mobile devices, desktops/laptops, or another type of compatible computer. Text messages may be sent over a cellular network or may also be sent via satellite or Internet connection.

Various anti-spam techniques are used to prevent email spam.

<span class="mw-page-title-main">Mobile phone spam</span> Unwanted communication through a mobile phone

Mobile phone spam is a form of spam, directed at the text messaging or other communications services of mobile phones or smartphones. As the popularity of mobile phones surged in the early 2000s, frequent users of text messaging began to see an increase in the number of unsolicited commercial advertisements being sent to their telephones through text messaging. This can be particularly annoying for the recipient because, unlike in email, some recipients may be charged a fee for every message received, including spam. Mobile phone spam is generally less pervasive than email spam, where in 2010 around 90% of email is spam. The amount of mobile spam varies widely from region to region. In North America, mobile spam steadily increased after 2008 and accounted for half of all mobile phone traffic by 2019. In parts of Asia up to 30% of messages were spam in 2012.

Phone fraud, or more generally communications fraud, is the use of telecommunications products or services with the intention of illegally acquiring money from, or failing to pay, a telecommunication company or its customers.

GSM services are a standard collection of applications and features available over the Global System for Mobile Communications (GSM) to mobile phone subscribers all over the world. The GSM standards are defined by the 3GPP collaboration and implemented in hardware and software by equipment manufacturers and mobile phone operators. The common standard makes it possible to use the same phones with different companies' services, or even roam into different countries. GSM is the world's most dominant mobile phone standard.

Email fraud is intentional deception for either personal gain or to damage another individual using email as the vehicle. Almost as soon as email became widely used, it began to be used as a means to defraud people, just as telephony and paper mail were used by previous generations.

The IP Multimedia Subsystem or IP Multimedia Core Network Subsystem (IMS) is a standardised architectural framework for delivering IP multimedia services. Historically, mobile phones have provided voice call services over a circuit-switched-style network, rather than strictly over an IP packet-switched network. Various voice over IP technologies are available on smartphones; IMS provides a standard protocol across vendors.

<span class="mw-page-title-main">Prepaid mobile phone</span> "Pay-as-you-go" mobile phone service

A prepaid mobile device, also known as a pay-as-you-go (PAYG), pay-as-you-talk, pay and go, go-phone, prepay or burner phone, is a mobile device such as a phone for which credit is purchased in advance of service use. The purchased credit is used to pay for telecommunications services at the point the service is accessed or consumed. If there is no credit, then access is denied by the cellular network or Intelligent Network. Users can top up their credit at any time using a variety of payment mechanisms.

A Short Message Service Center (SMSC) is a network element in the mobile telephone network. Its purpose is to store, forward, convert and deliver Short Message Service (SMS) messages.

Email spoofing is the creation of email messages with a forged sender address. The term applies to email purporting to be from an address which is not actually the sender's; mail sent in reply to that address may bounce or be delivered to an unrelated party whose identity has been faked. Disposable email address or "masked" email is a different topic, providing a masked email address that is not the user's normal address, which is not disclosed, but forwards mail sent to it to the user's real address.

<span class="mw-page-title-main">Caller ID spoofing</span> Phone caller faking the phone number sent to the recipient of a phone call

Caller ID spoofing is a spoofing attack which causes the telephone network's Caller ID to indicate to the receiver of a call that the originator of the call is a station other than the true originating station. This can lead to a display showing a phone number different from that of the telephone from which the call was placed.

Mobile marketing is a multi-channel online marketing technique focused at reaching a specific audience on their smartphones, feature phones, tablets, or any other related devices through websites, e-mail, SMS and MMS, social media, or mobile applications. Mobile marketing can provide customers with time and location sensitive, personalized information that promotes goods, services, appointment reminders and ideas. In a more theoretical manner, academic Andreas Kaplan defines mobile marketing as "any marketing activity conducted through a ubiquitous network to which consumers are constantly connected using a personal mobile device".

An SMS gateway or MMS gateway allows a computer to send or receive text messages in the form of Short Message Service (SMS) or Multimedia Messaging Service (MMS) transmissions between local and/or international telecommunications networks. In most cases, SMS and MMS are eventually routed to a mobile phone through a wireless carrier. SMS gateways are commonly used as a method for person-to-person to device-to-person communications. Many SMS gateways support content and media conversions from email, push, voice, and other formats.

Voice phishing, or vishing, is the use of telephony to conduct phishing attacks.

Unstructured Supplementary Service Data, or USSD is a communication protocol used by GSM cellular telephones to communicate with the service provider's computers. A gateway is the collection of hardware and software required to interconnect two or more disparate networks, including performing protocol conversion.

The Short Message Service is realised by the use of the Mobile Application Part (MAP) of the SS7 protocol, with Short Message protocol elements being transported across the network as fields within the MAP messages. These MAP messages may be transported using "traditional" TDM based signalling, or over IP using SIGTRAN and an appropriate adaptation layer.

References