Mobile programming: how safe is SMS

Question

Mobile programming: how safe is SMS

I am currently developing a web service that is configured to receive SMS text messages from different cell phones. Along with each message, I also receive the mobile phone number from which the SMS originated.

My question is: is it possible for someone to disguise themselves as another phone number. That is, you can send SMS from your phone (or in other ways) and make it look like it came from a certain number?

I read about SMS spoofing, where you can receive SMS intended for other numbers, but I want to know whether it is possible to send posing as someone else (send from a phone or web application, etc.).

+6

mobile sms

Sesh Sep 03 '09 at 18:00

source share

2 answers

How can I send via the GMX Webinterface - with my phone number as the sender, I conclude that this is really possible.

+2

StampedeXV Sep 03 '09 at 18:07

source share

skaffman · Accepted Answer · 2009-09-03T18:08:31+0000

Spoofing is pretty trivial with the right setup. For example, we send a large number of SMS messages using a third-party aggregator service, and each SMS has a “sender” field, which can be a phone number (in particular, MSISDN) or a text value. We could, if we wanted, put someone there.

SMS is extremely unsafe. It was designed as a return channel for GSM engineers to test their networks and turned out to be a good profit counter, so they just left it as it is.

In order not to say that you should not send confidential information via SMS, just be aware of the lack of security and trust (or do not trust) messages accordingly. There is no channel 100% safe, you need to decide whether it is enough to ensure that you want to send on it.

Mobile programming: how safe is SMS

More articles: