Have you ever received a weird SMS from a friend which he or she later claimed never to have sent? You are lucky if you haven’t because more and more people in the city are falling prey to mobile spoofing where one can send SMS from any number without touching the actual phone. All one needs to do is to login to a certain website, register and start sending messages to any one in India with someone else’s mobile number.
After Internet Protocol (IP) or caller ID faking, mobile spoofing is the new security threat that has hit the country. Though the technology has been around for sometime, it is of late catching up with youths in the city. Ethical hackers warn that while many youngsters think they are playing a prank, it may turn out to be a major security risk if some terrorist or anti-social elements get involved in it.
According to cyber crime experts, the person receiving the SMS will not know whether the message is fake or not. The websites facilitating mobile spoofing exploit certain security vulnerabilities to obtain access to the SMS-Internet tunnel by creating a malicious code. Even the mobile service provider is not aware when the network is being misused.
Says additional SP (cyber crimes) U. Rammohan, “We can trace the sender of the fake messages through the IP address, but it is quite a challenging task,” he points out.
Mobile spoofing websites offer both free and paid SMS spoofing services. The popular websites among youngsters are: xxsidxx.co.cc, fakemsg.com, fakemytext.com, www.sneaksms.com and sms.fake.com. There’s also a dedicated software called “SMS spoof” which is freely available on the Internet.
Ethical hackers blame mobile companies for this. “They need to set up advanced authentication mechanisms. SMS servers are hugely vulnerable since they are not properly secured,” observes networking security engineer M.M. Ganga Raju. “The only way to detect and block spoofed messages is to screen incoming messages to verify that the sender is a valid subscriber,” he adds.
“You can send an SMS from a website to a woman using her husband’s number informing her to hand over money to a person he deputes, because of which chances are that she may hand over the money to the impostor,” says ethical hacker M.V. Rama Rao.
Posts
