Computer Crime Research Center

etc/research2.jpg

SMS spoofing again

Date: August 19, 2005
Source: indiatimes Infotech


SMS spoofing is emerging as a menace and might hamper the growth of the mobile industry. For the uninitiated, with SMS spoofing a cyber criminal can send an SMS to anyone on the cell phone without touching it. This also implies that if the person (who receives the message) goes to the reply mode of the phone and writes any reply text after receiving the spoofed SMS, it will again come back to the same person. This has serious security ramifications and the scope for misuse is enormous.

Pune-based Network Security Solutions has developed a mobile messaging application, which it believes will make SMS safe. The company claims this to be the world's first secure SMS system.

The technology uses 163-bit elliptical curve/1024 RSA cryptography. At present, SMSes are not encrypted between the base station and the cellphone.

XMS can be downloaded and bought by a single holder. The message can be securely encrypted and transmitted so that only the designated recipient of this message is able to open this message.

The XMS system is presently compatible with 36 Symbian 7.0 OS operated GSM mobile devices soon CDMA phones would also be XMS compatible. The XMS suite of products provides password-based symmetric or shared key asymmetric crypto operation to ensure complete security between both the parties.

The system also has an Anti theft feature that enables SMS and phone blocking, thus, avoiding the misuse of information contained in the messages. If the phone is lost, a simple SMS from another phone would lock the misplaced phone thus protecting information contained in it.

Till this technology is freely available, it would do well to take the authenticity of SMS message with a pinch of salt.
Original article



Add comment  Email to a Friend

Discussion is closed - view comments archieve
2005-09-14 02:36:44 - No it's not the first Encrypted SMS system... Tony King
Total 1 comments
Copyright © 2001-2013 Computer Crime Research Center
CCRC logo