Abstract
The short message service (SMS), a service for exchanging texts via mobile networks, has become a universal means of communication. SMS is a mechanism for sending a text message to a specific mobile phone number. Its protocol enables the sender to specify the destination phone number but not the originating number. However, the short message peer-to-peer (SMPP) protocol, which forwards SMS messages, enables the sender to specify the originating number. If the SMPP protocol allows the sender to specify another person’s phone number as the originator, an attacker can use it to send a short message impersonating another person. In this study, short messages were sent from an SMPP gateway service with any phone number specified as the originator, and their delivery to the Japanese mobile network was verified. All the verified mobile network operators (MNOs) were able to spoof the origin to any international phone number, and one MNO was able to spoof it to any national phone number. The results of this study reveal that SMPP can potentially be exploited to spoof the originating number of an SMS. Furthermore, a threat scenario was devised using spoofing and mitigation measures.
Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
