Abstract

The short message service (SMS) is a service for exchanging texts via mobile networks that has been developed not only as a means of text communication between subscribers but also as a means to remotely manage Internet of Things (IoT) devices. However, the originating number of an SMS can be spoofed. If IoT devices authenticate administrators based on the originating number of an SMS, the authentication is bypassed via SMS origin spoofing. Consequently, IoT devices are at risk of accepting commands from attackers and performing unauthorized actions. Accordingly, in this study, the specifications of major cellular IoT gateways were evaluated by focusing on remote management via SMS, and the authentication bypass hypothesis was verified. The results showed that 25 of the 32 targeted products supported SMS-based remote management, and 20 implemented authentication based on the originating number of the SMS. Furthermore, by spoofing the originating number of the SMS, one product was demonstrated to be remotely exploitable through authentication bypassing. Thus, this study revealed the threats posed by SMS origin spoofing to IoT devices and proved that SMS origin spoofing not only threatens text communication between people but also puts machine communication at risk.

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call

Similar Papers

Paper Title
Journal
Date
Author
IoT vs. Human: A Comparison of Mobility
Dianlei Xu ... Depeng Jin
IEEE Transactions on Mobile Computing | VOL. 21
Dianlei Xu, et. al.Dianlei Xu ... Depeng Jin
31 Aug 2020
Dynamic Packet Scheduling for Internet of Remote Things (IoRT) devices in 5G Satellite Networks
Gbolahan Aiyetoro ... Pius Owolawi
-
Gbolahan Aiyetoro, et. al.Gbolahan Aiyetoro ... Pius Owolawi
01 Jun 2020
Connecting food supply chains
-
Food Science and Technology | VOL. 36
--
01 Sep 2022
Classification of cyber threats for internet of things
S T Tleuberdin ... Y N Seitkulov
Bulletin of the National Engineering Academy of the Republic of Kazakhstan | VOL. 90
S T Tleuberdin, et. al.S T Tleuberdin ... Y N Seitkulov
15 Dec 2023
View more papers

More From: Digital Threats: Research and Practice

Paper Title
Journal
Date
Author
On Collaboration and Automation in the Context of Threat Detection and Response with Privacy-Preserving Features
Lasse Nitz ... Avikarsha Mandal
Digital Threats: Research and Practice | VOL. -
Lasse Nitz, et. al.Lasse Nitz ... Avikarsha Mandal
09 Dec 2024
Investigating Threats Posed by SMS Origin Spoofing to IoT Devices
Akaki Tsunoda
Digital Threats: Research and Practice | VOL. 5
Akaki TsunodaAkaki Tsunoda
09 Dec 2024
Social Media Authentication and Combating Deepfakes using Semi-fragile Invisible Image Watermarking
Aakash Varma Nadimpalli ... Ajita Rattani
Digital Threats: Research and Practice | VOL. -
Aakash Varma Nadimpalli, et. al.Aakash Varma Nadimpalli ... Ajita Rattani
12 Oct 2024
Fuzzing and Symbolic Execution for Multipath Malware Tracing: Bridging Theory and Practice via Survey and Experiments
Marcus Botacin
Digital Threats: Research and Practice | VOL. -
Marcus BotacinMarcus Botacin
11 Oct 2024
View more papers

Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.