Jump to content

Search the Community

Showing results for tags 'sms vulnerability'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


  • Site Related
    • News & Updates
    • Site / Forum Feedback
    • Member Introduction
  • News
    • General News
    • FileSharing News
    • Mobile News
    • Software News
    • Security & Privacy News
    • Technology News
  • Downloads
    • nsane.down
  • General Discussions & Support
    • Filesharing Chat
    • Security & Privacy Center
    • Software Chat
    • Mobile Mania
    • Technology Talk
    • Entertainment Exchange
    • Guides & Tutorials
  • Off-Topic Chat
    • The Chat Bar
    • Jokes & Funny Stuff
    • Polling Station


  • Drivers
  • Filesharing
    • BitTorrent
    • eDonkey & Direct Connect (DC)
    • NewsReaders (Usenet)
    • Other P2P Clients & Tools
  • Internet
    • Download Managers & FTP Clients
    • Messengers
    • Web Browsers
    • Other Internet Tools
  • Multimedia
    • Codecs & Converters
    • Image Viewers & Editors
    • Media Players
    • Other Multimedia Software
  • Security
    • Anti-Malware
    • Firewalls
    • Other Security Tools
  • System
    • Benchmarking & System Info
    • Customization
    • Defrag Tools
    • Disc & Registry Cleaners
    • Management Suites
    • Other System Tools
  • Other Apps
    • Burning & Imaging
    • Document Viewers & Editors
    • File Managers & Archivers
    • Miscellaneous Applications
  • Linux Distributions


  • General News
  • File Sharing News
  • Mobile News
  • Software News
  • Security & Privacy News
  • Technology News

Find results in...

Find results that contain...

Date Created

  • Start


Last Updated

  • Start


Filter by number of...

Found 1 result

  1. Get cell broadcast tech in, urges onetime Lulzsec white hat Ireland's efforts to keep residents informed about coronavirus has fallen foul of the same basic SMS vulnerability that one of their British neighbours experienced back in March. Lulzsec-bod-turned-security-consultant Jake Davis reckoned the Irish government is using an SMS sender name that is vulnerable to spoofing – a process that is simple and straightforward, not that we're going to explain how it's done. Anyone flying to the Emerald Isle must give their contact details to immigration staff, including a mobile phone number. That number is then sent a text from "gov ie" with details of how to call a doctor and get public health advice if one starts experiencing COVID-19 symptoms. "Fairly standard and responsible stuff," commented Davis. What was not "standard and responsible", in his view, was Ireland's mobile networks not blocking the sender name from being reused by anyone else at all. As he related it: "Now, when Darren [Martyn, a fellow infosec researcher] said to me 'hang on, can you try sending me a cheeky spoofed text from this sender?' my immediate thought was that there's no way this will work using basic SMS tricks. This was the result: One of these two messages was sent by the Irish government, though both appear to come from the same sender Earlier this year the British government briefly flirted with doing the same thing, with Davis blogging at the time (as we reported) that this was a "schoolyard" level of exploit. In Ireland's case, Davis warned the local authorities before disclosing his findings to El Reg and the wider world via his blog. lling for authorities in the UK to invest in mass-message cell broadcast technology ("It's faster, cheaper, and reaches 99 per cent of phones in a secure and reliable fashion"), Davis also urged governments in general to "liaise with known SMS API providers and local mobile carriers beforehand to make them aware of which names/numbers they'll be sending important texts from" and block those sender names and numbers from being used by others. It may surprise some readers to learn that this is not done by default – which is why unscrupulous telemarketing scammers can appear to be calling from phone numbers not actually assigned to them. As we reported in March when UK.gov's first mass-text-messaging campaign began, SMS cell broadcast was trialled in the early 2010s but initial promising trials faltered with no further progress since 2014 [PDF]. Standard anti-phishing advice is not to click links or dial numbers included in unsolicited messages, advice that still stands today despite the desperation of UK government and the NHS to broadcast public health messages using these very techniques. Source
  • Create New...