How SMS Hacking works?
February 22nd, 2023

with SIP it is easy to spoof a phone number. What is confusing is when a hacker sends an SMS messaage from a spoofed number, how are they able to get the return SMS message?

When a hacker sends an SMS message from a spoofed number, they are not actually using the phone number associated with that number to send the message. Instead, they are using a technique known as SMS spoofing, which allows them to send SMS messages from any number they choose, including numbers that are not associated with them. When the recipient of the spoofed SMS message replies to it, the message is not actually sent to the phone number that was spoofed, as that number is not associated with the sender. Instead, the message is sent to a different phone number, which the hacker has configured to receive any incoming messages sent to the spoofed number. This is possible because SMS messages are routed through a series of servers and networks before they reach their final destination. When the hacker sends the spoofed message, they can configure the routing information to direct any replies to a different phone number that they control. This means that when the recipient replies to the spoofed message, the message is sent to the hacker's phone number instead of the spoofed number. The hacker can then receive the reply message and continue the conversation, posing as the original sender.

The hacker in this scenario would have to have access to servers at the carrier right?

Not necessarily. While some SMS spoofing techniques may require access to carrier servers, there are also other methods that can be used to spoof SMS messages without direct access to carrier servers. One common method is to use a SMS spoofing service, which allows users to send messages from any number they choose. These services work by exploiting vulnerabilities in the SMS messaging system and manipulating the message headers to make it appear as though the message is coming from a different number. Another method is to use open source software or tools that allow for SMS spoofing. These tools work by simulating the SMS messaging protocol and sending messages through a third-party SMS gateway, which can be configured to spoof the message sender's phone number. In either case, the hacker would not need direct access to the carrier's servers to spoof SMS messages. However, it is worth noting that these methods may still be illegal and unethical, and can have serious consequences for both the sender and recipient of the spoofed messages.

How similar is an SMS message to an HTTP request or email header?

An SMS message, an HTTP request, and an email header all serve the purpose of transmitting data over a network, but there are some key differences between them. An SMS message is a short message that is sent and received through a cellular network. It is limited to 160 characters and is typically used for text messaging between mobile devices. An SMS message typically includes the sender's phone number, the recipient's phone number, and the text of the message itself. An HTTP request, on the other hand, is a message that is sent from a client to a server over the internet. It is used to request resources, such as web pages or images, from a server. An HTTP request typically includes a request method (e.g., GET or POST), a URL, headers, and a body (in the case of a POST request). An email header is the top part of an email message that contains information about the message, such as the sender, the recipient, the subject, and the date and time. An email header is used to route the message to the correct recipient and to provide information about the message's origins and contents. While all three of these types of messages are used for data transmission, the format and content of the messages are quite different. An SMS message is much simpler and more limited than an HTTP request or an email header, which both have a much more complex structure and can include more data.

if the hacker is able to spoof the phone number on an outgoing sms, and remain in the loop to receive an SMS response to the spoofed number, there must be a header to manipulate

Yes, when a hacker spoofs an SMS message, they need to manipulate the message headers to make it appear as though the message is coming from a different number. The message headers contain important information about the message, including the sender's phone number, the recipient's phone number, and the routing information.

The headers of an SMS message typically include the following fields:

  • Sender: The phone number or name of the sender
  • Recipient: The phone number of the recipient
  • Service center address: The phone number of the SMS center that handles the message
  • Protocol identifier: The protocol used to transmit the message
  • Data coding scheme: The character set used to encode the message
  • Time stamp: The date and time the message was sent
When a hacker spoofs an SMS message, they can manipulate the sender field of the header to make it appear as though the message is coming from a different phone number. This is typically done by using a SMS spoofing service or by manipulating the message headers directly using open-source software or tools. Once the message has been spoofed, the hacker can configure a different phone number to receive any incoming messages sent to the spoofed number by manipulating the message headers. They can also use other techniques, such as intercepting the SMS message on a compromised device or using a phishing attack to obtain the recipient's response.

do you have a sample SMS header?

Sure! Here's a sample SMS header, in the format of the Short Message Peer-to-Peer (SMPP) protocol:
In this example, the fields of the header are separated by the vertical bar character (|). Here is a brief description of each field:
  • Service center address: 556677. This is the phone number of the SMS center that handles the message.
  • Sender: . This is the phone number of the sender.
  • Protocol identifier: 1. This field specifies the protocol used to transmit the message.
  • Data coding scheme: 1. This field specifies the character set used to encode the message.
  • Time stamp: 0000. This field specifies the date and time the message was sent.
  • User data header length: 00000000. This field specifies the length of the user data header.
  • User data header indicator: 1. This field indicates whether the message contains a user data header.
  • Message length: 1. This field specifies the length of the message.
Note that the format and content of SMS message headers may vary depending on the specific SMS protocol and implementation used by the carrier or messaging service.

who gets the bill for the SMS? the spoofed number?

In general, the person or organization that owns the phone number that is used to send the SMS message will be billed for the message, regardless of whether the message was spoofed or not. This means that if a hacker spoofs a phone number to send an SMS message, the owner of the phone number that was spoofed will likely receive the bill for the message.
However, in some cases, the recipient of the SMS message may be billed for the message, particularly if they have signed up for a premium messaging service or have agreed to receive text messages from a particular sender. In these cases, the recipient may be responsible for paying for the SMS message, even if the sender has spoofed the phone number. It is worth noting that SMS message pricing can vary widely depending on the carrier, the sender and recipient locations, and other factors. In some cases, carriers may offer special SMS pricing plans or packages that can provide discounts for bulk messaging or other use cases. If you are concerned about being billed for SMS messages that you did not send, it is recommended that you contact your carrier to discuss your options and review your billing statements carefully.

Hackers send http links in SMS messages. I note that if you click on one of these links in an SMS on an IOS device, it sometimes brings up the target website withOUT the usual missing SSL warning?

When you click on an HTTP link in an SMS message on an iOS device, the behavior you describe is likely due to the way that Apple's Safari browser handles HTTP links.
In the past, when you clicked on an HTTP link in Safari, you would typically see a warning message that the connection was not secure and that the site's certificate could not be verified. However, starting with iOS 14 and macOS 11, Apple introduced a new feature called "HTTPS Upgrade" that automatically upgrades HTTP links to HTTPS links when possible, without displaying the warning message. This means that when you click on an HTTP link in an SMS message on an iOS device running iOS 14 or later, the link may be automatically upgraded to an HTTPS link, and you may be taken directly to the target website without seeing the usual SSL warning. This behavior can make it easier for hackers to trick users into visiting malicious websites that have been designed to look legitimate, as the usual warning signs of an insecure connection may be absent. To protect yourself from this type of attack, it is important to be cautious when clicking on links in SMS messages or other messages from unknown senders, particularly if the message is unsolicited or contains suspicious content. You should also be sure to keep your device's operating system and security software up to date, and use a reputable antivirus or anti-malware solution to help protect against threats.

Has SMS hacking achieved the same level of use as email phishing?

SMS hacking, also known as SMS phishing or SMishing, has become an increasingly common attack vector in recent years, but it has not yet reached the same level of use as email phishing.
Email phishing is still the most commonly used method for launching phishing attacks, as it is a widely available and relatively easy method for cybercriminals to use. Email phishing attacks can also be automated and can target a large number of users at once, making them a popular choice for attackers. However, SMS phishing attacks are becoming more common, particularly as more people use mobile devices to access the internet and conduct online transactions. SMS messages can be used to trick users into providing sensitive information or clicking on malicious links, and the relatively short and concise nature of SMS messages can make them more effective for delivering targeted attacks. That being said, SMS phishing attacks are generally less common than email phishing attacks, in part because they require the attacker to have access to the target's phone number, which can be more difficult to obtain than an email address. Additionally, many mobile devices are equipped with anti-malware and anti-phishing software that can help protect against SMishing attacks. Overall, while SMS hacking is a growing concern and can be effective in certain situations, email phishing remains the most common and widely used method for launching phishing attacks. It is important for individuals and organizations to remain vigilant and take steps to protect against both email and SMS phishing attacks.