2011
By Syed Akbar
Strange it may sound, but one can create mistrust between two persons by sending hate sms to one of them through the other's mobile, without actually touching his or her mobile phone. All one has to do is to login to a certain website, register and start sending sms to any person in India faking someone else's mobile number.
Mobile spoofing or sending sms to persons using a third person's mobile number, is fast catching up among youngsters in the city, causing concern to security agencies. Mobile spoofing is a new security breach to hit the country, after internet protocol (IP) or caller ID faking. Though mobile or sms spoofing has been there for quite some time, it is of late catching up with students and youths.
Ethical hackers warn that many youngsters think they are playing a prank, but this innocent prank may turn out to be a major security risk for the country, if some anti-social elements get involved in mobile spoofing.
According to cyber crime experts, the person receiving the fake sms will not know that the message is spoofed or fake. There's no technical way of finding out from where the sms has originated. The websites facilitating mobile spoofing exploit certain security vulnerabilities to obtain access to sms-internet tunnel by creating a malicious code or Trojan.
Even the mobile service provider does not know that the network is being misused. The software allows one to send sms from any sender ID to any mobile and one can fake the sender ID to any phone number.
Says additional SP (cyber crimes) U Rammohan, faking sms can pose security risk if some terrorist or anti-social groups are involved in it. “We can trace the sender of fake smses through the IP address, but it is quite a challenging task. If the proxy IP address is used to send sms, it becomes difficult, though not impossible, to reach the sender,” he points out.
Mobile spoofing websites offer both free and paid sms spoofing service. Sites offeringfree service limit the number of fake sms between 10 and 30. But those charging a fee provide unlimited sms facility. The mobile spoofing websites quite popular among youngsters playing prank with their friends include xxsidxx.co.cc, fakemsg.com,fakemytext.com, www.sneaksms.com and sms.fake.com.
Ethical hackers blame it on mobile companies for the continuation of the menace. Cell phone companies need to set up advanced authentication mechanism. SMS servers are victims of huge vulnerability exploits since they are not properly secured and widely exposed, observes networking security engineer MM Ganga Raju.
“The only way of detecting and blocking spoofed messages is to screen incoming mobile originated messages to verify that the sender is a valid subscriber and that the message is coming from a valid and correct location,” he adds.
There's also a dedicated software "sms spoof" which is freely available in the internet.Once it is downloaded in the mobile phone, one can send sms using a third person's number.
"You can send sms from the website to a woman using her husband's number informing her to hand over money to a person he deputes. Since the woman gets sms from her husband's mobile number, chances are she may hand over money or jewellery to an impostor, if she fails to cross-check the message with her husband," says ethical hacker MV Rama Rao.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment