SMS forging or spoofing is a relatively new technology which uses the short message service (SMS), available on most mobile phones and personal digital assistants, to set who the message appears to come from by replacing the originating mobile number (Sender ID) with alphanumeric text. Spoofing has both legitimate uses (setting the company name from which the message is being sent, setting your own mobile number, or a product name) and illegitimate uses (such as impersonating another person, company, product).
SMS Spoofing occurs when a sender manipulates address information. Often it is done in order to impersonate a user that has roamed onto a foreign network and is submitting messages to the home network. Frequently, these messages are addressed to destinations outside the home network – with the home SMSC essentially being “hijacked” to send messages into other networks.
SMS Forging is the method to spoof sender id of SMS. One can send SMS to international Number from any number of sender’s choice. Facility to choose sender id upto 11 characters/name.
SMS Routing
- First of all the sender send the SMS via SMS gateway.
- The identity of the sender is attached to the SCCP packer of the SMS.
- The SMS once reach the SMS gateway is routed to the destination Gateway and then to the receiver’s handset.
There are many ways by which we can send SMS to the SMS gateway. One of them is to use internet. Now the concept of SMS forging lies in changing the SCCP packer which contains the sender information prior delivering to the SMS gateway. The intruder can change the SCCP packet and can send that packet to any of the receiver as a spoofed SMS. Some of the Website on the net also provides this facility. When SMS is sent using an application, it is routed through international gateways.
Spoofing of Message Id(SDCCH/SCCP Info) take place at International gateway. Finally SMS is routed to destination SMS Center number. As there is no authentication system, it is sent to destination number with spoof ID.
SMS is a powerful platform to deliver information to end-users. Spammers and attackers have been increasingly targeting text messaging to advertise scam and defraud users. Security professionals are training users to identify malicious emails, but are mistakenly leaving out SMS and mobile communication. SMS currently is being used to deliver advertising, SPAM and a proof of concept SMS exploits. SMS transmitting botnets has been demonstrated for the Android platform (CloudMark-Blog, 2013). SMS provides no authentication of the sender with no certificate or signing capabilities. Carriers are starting to deploy spam filters, but large numbers of spoofed messaging continue to pass through and will increase in the future.
