SMS security scare
description: November 4, 2009: Imagine receiving an SMS from someone you know, then discovering it was fake. Ben Fordham discovers a massive hole in SMS security that will make you think twice the next time you receive a text message.
Tags
fake
fake
hole
hole
message
message
scare
scare
security
security
SMS
SMS
Comments
The ISP has closed the loophole - you now have to verify the "from" mobile number before messages can be sent. Problem solved for that software+ISP, but not for many others. Nor mail. Nor email. -
peterh_oz
The government will not respond, in reality, there is NOTHING that can be done about it. These 'loopholes' are built in to the system, and can not be 'just patched', the loopholes are in the protocols used world wide. To fix the email problem you would first have to redesign the entire system, then update every email server across the entire world and every email client (eg Outlook Express) across the whole world. Not going to happen. For mobile phones the problem is worse, in most cases it is not possible to just change the SMS handling software on the phone. -
Macka007007
[sarcasm on] They just posted a followup story that you can !shock! do the same thing with email. What they missed was that !shock! you can do the same thing with the regular post! That's right -- I can write a letter to someone, mail it via Australia Post, and _claim_ that it is from anyone else by simply writing their address on the back. And I can write any 'from' address that I want! Oh shame! to the postal service, when are they going to close this "security loophole" that has been around for hundreds of years? [sarcasm off] -
s_gryphon
Another thing which seems to evade the thick headed people is that even if someone tried to use it for the wrong reason and they send a message on behalf of someone else; as soon as the recipient replys, it goes to the sim card of the person who supposedly sent the message in the first place. So nothing can be done with this 'loop hole' except for sending one way messages from a PC to a Mobile phone, after which the PC sender has no idea if the recipient has replied. On top of that, the messages sent via the only appilcation that does this (eXeSMS) is via a contracted ISP account. So if someone is stupid enough to abuse it, their activity is logged and can be provided as evidence if need be. -
Si1v3s7r43
The person who brought this item to ACA, who does he work for. A good free way of advertising the program to rope in the idiots to purchase an account with the only ISP provider who can handle this small program. Good idea if the senders mobile number was yours and only yours. ACA should really check the stories fully before transmitting. -
vanam0
The program mentioned is eXesms and is offered only to customers of EXETEL isp. The use of this program is closely monitored and makes the user fuly accountable for all sms messages sent. It is not an open source program, free for anyone to use...quite the contrary. I would think that the isp will promptly track down the offending user and cancel their service for breach of his agreed fair usage. Another ACA panic tactic. Yknow not all watchers of your show are as thick as you would like. -
unibummer1
Interesting story. What is the program? -
Mitchy255
that's an interesting story, sadly no technical details given. Not everyone can do that for free, fyi. or for free ones, you need to get internal telco info (smpp sysid & passwd). -
thek3y
similar videos
SMS security scare victims
Fake it, don’t bake it
Security scare at court
Help Yourself Hotels
9RAW: Hospital security scare
Border Security
Qantas scare
Fake Tans
Qantas Security
Message in a Bottle
What's Hot
News
NEWS
CURRENT AFFAIRS
60 Minutes
A Current Affair
Sunday
TODAY Show 5:30-9am
Sport
Entertainment
Comedy
TV shows
Music
Lifestyle
Travel
Money
MTV
welcome to ninemsn Video!
ninemsn Video home
Download TV Shows
Sign in
ninemsn home
Mail
Video
Web
Loading...
