SMS spoofing: Mobile advertising enemy number one
By JF Sullivan
You hear a lot of talk about mobile content security nowadays, particularly as a threat to the long-awaited emergence of mobile advertising.
While the levels of threats vary from Asia to Europe to North America, today there are four identifiable types of SMS mobile spam messages with which operators have to contend.
First, there is classic "mobile content spam," where the content provider has a service agreement with the operator and sends questionable content.
There is SMS flooding, where the content provider "floods" a foreign SMS center with numerous messages.
There is also SMS Faking, where a hacker simulates the behavior of an SMS switch to send messages.
And, finally, there is SMS "spoofing," where the hacker uses an engine to simulate mobile devices, especially in roaming situations.
It is the last type of attack, SMS spoofing, which is undoubtedly one of the fastest growing methods to penetrate mobile operators.
SMS spoofing is a recent development quickly evolving with the growth of cellular networks worldwide.
Essentially, the SMS message is reset to alter who the sender appears to be. You may have seen this on your own phones when you receive a text message that comes from an apparently random alphanumeric string.
One of the main problems with identifying and dealing with SMS spoofing is that there are a number of legitimate uses for this technology, including corporate branding of a message, setting a mobile number for return phone calls and identifying the text with products or services from the vendor.
When you consider how a company would successfully launch mobile advertising, for example, it is easy to understand the need for such capabilities.
However, the ability to do SMS spoofing has also led hackers to explore new ways to compromise mobile phones.
SMS spoofing is achievable because almost all phones today have access to, and are accessible from, the Internet.
By virtue of this fact, a miscreant is able to direct attacks on subscribers inside a network from the Internet, disrupting the mobile experience of the user, as well as incurring non-recoverable charges for the mobile operator.
In this diagram, a hacker creates an SMS message to a phone number 2223332222 in the network.
In this example, the message is forwarded to User B in the network, but the spoofing application states that its originating address is actually 1112221111:
Spoofer ï? Network switch ï? Mobile user (2223332222)
The smaller problem here is that the since the spoofer can impersonate anyone or any application it wishes, it can develop compelling content to which the mobile user can respond. For example, "Click here to update your billing profile" or "Win free money."
The larger problem is that the subscriber attached to the 1112221111 number is billed for the SMS message and is likely to balk at the incorrect charge.
The operator will then spend even more money tracking down the issue and wasting precious support resources while the impersonated customer fumes and considers switching networks.
Interestingly enough, many operators feel that this is not a problem, or at least, not a problem worth thinking about right now.
Most will point to the availability of protocol solutions (Signaling Fraud Protection) that effectively block most types of off-network spoofing attacks.
However, spammers have already adapted and are now leveraging on-network connections to cross over into another network and spoof SMS messages (see diagram).
These types of attacks can only be prevented using content filtering technologies. This is because the nature of the network protocols makes the attacker indistinguishable from valid SMS requests.
Mobile operators will need to examine ways of filtering the content to distinguish valid traffic, particularly before significant money and resources are invested in developing high-value mobile advertising content.
JF Sullivan is vice president of marketing at Cloudmark, San Francisco. Reach him at