RFC: Theoretical Short Message Service (SMS) Exploits

I've been thinking lately that, with all of these SMS-enabled devices around, and users being charged for the SMS messages they RECEIVE on them, this is just waiting to be abused. I haven't done much research on it, but looking at the history of such things (and just the technical feasibility), it seems decidedly unlikely that the cell phone companies are using any kind of strong authentication on the sending part of the protocol. I've been able to come up with two possible ways by which the system could be abused to spam users and significantly increase their bill, and I'm very much interested in feedback from the rest of the community for ideas. Please mail me with any thoughts you might have on the idea. In the future we'll try to provide an easy web-based form that will allow for easier responding.

The two methods I've come up with thus far are:

  • Creating a rogue cell phone tower, which will then pretend it is the user's regular phone tower. This same concept can be explored in multiple ways, such as creating a PDA-like device that will spam all users within a certain area, etc.
  • There are also mechanisms to send SMS messages via TCP/IP. We already know TCP/IP fairly well, and the usual possibilities of Perl scripts, IP-spoofing techniques, and that sort generally apply. It's not currently known how they are implementing the TCP/IP->SMS connection. But in principle the web interface for this service is highly exploitable.



    by gregr:
    The newest version of AIM has built-in SMS features. On the buddy list setup screen, simply push the "add mobile" button. With a bot, or even a macro, you could easily send a massive number of messages. Things to check out:

    1. Is the number of messages you send limited?

    by strick:
    A couple of years ago, telecom people told me all SMS messages are sent over TCP, at least from phone company to phone company, country to country.

