Google+ Badge

Thursday, 4 October 2012

SMS Fraud and Security


SMS Fraud and Security


SMS Delivery presents rich pickings for fraudsters, take care who you choose.

Firstly, this is not a technical posting.  There will be no mention of SCCP, IR 70 (well one), SRI, or MAP.  Hopefully the topic is as inclusive as possible and can stimulate debate.

If you're new SMS Fraud, its worth taking a brief step back in time to appreciate the root causes of the exploits that fraudsters use.  See History of SMS on wikipedia.

Whilst some issues have improved the following exploits still result in SMS Fraud:
  • SMS Spamming - See the post which discusses how HLR Lookup is being abused to generate SPAM.
  • SMS Faking - The SMSC sender of a message can deliberately alter the senders address such that the message can appear to come from someone elses SMSC.
  • SMS Spoofing - The SMSC sender of a message can pretend to be a roaming subscriber and send messages that appear to come from the roaming subscriber. 
  • SMS Flooding - This is a little bit like a denial of service attack.  An SMSC could pretend to be someones SMSC then deliberately flood the recipients network.
  • GT Scanning - Deliberate attempt to scan the network for SMSCs that are open and hence more vulnerable to the above threats.
  • SIM Farms - Using a computer connected simultaneously to hundreds of mobile phones sim cards, an application can send bulk sms and exploit operator consumer tariffs for all you can eat SMS per month.
  • SMS Interworking - Mobile operators don't tend to bother charging each other for Person to Person messages that land on their networks unless there is a significant imbalance.  Some companies exploit this by sending what appears to the operator to be Person to Person traffic but its actually commercial SMS.
  • HLR Faking - A fake HLR is set up and genuine HLR Lookups are made by fraudulent party.  IMSI responses are then altered.  Messages are then sent via intermediaries.  Prior to termination the defrauded aggregator looks up fake HLR which sends back altered responses which directs message to unexpected destination.
The IMSI or HLR Lookup is a key link in many of these exploits.  It reveals the crucial addressing information that could then be used and modified to launch an attack.  The impact of an attack can be significant:
  • Incorrect Billing:  Messages sent are billed to the sending party incorrectly.  If the messages are in their millions this has a big impact.
  • Connection Lost:  Senders can be cut-off. If Mobile Operators spot issues their only response is to cut off the connection.  This is bad news if you are sending good traffic and another provider is pretending to be your network and sending spam.
  • Price/Value Erosion: Wholesale price of SMS is eroded, because too many fraudsters sell cheaply in order to distinguish themselves from established SMS providers.  This results in more spam and erodes the value of the SMS Channel.
  • Lack of stability:  Providing global SMS connectivity is tough, Unpredictable changes to coverage makes it harder to deliver consistent services to customer.
The underlying messages here are:
  • If you sell HLR Lookup services, then take care who you are selling to.  The information they reveal could be used against you.  Customers may claim that it is for legitimate routing purpose only.  If this is the case then there are other safer alternatives to sell them.   Alternatives to HLR Lookup that only reveal MCC/MNC.
  • If you are selecting an SMS Provider, look closely at their background.  Things to look for are: well established (10 years or more is a rough guide), not incorporated in a tax haven, long list of known brand references, valid contact details (not just email only).  Don't discount the smaller/newer suppliers, I'm just trying to point out that many fraudsters will appear and then disappear regularly as they liquidate their ill-gotten gains.
If you are interested in stopping SMS Fraud, and want to keep the SMS channel clean in order to have powerful engagement with your customers then please follow my blog, take part and comment, and follow some of the useful links below.
Return to HLR Lookup home page