How to hack a SMS Header

Rushi Mehta
Nov 2, 2022

A2P (application-to-person) SMS is a system for sending bulk SMS directly from an application, without a SIM card.

A typical SMS header registration involves the following three registrations, all of which are approved by Telecom Operators:

  1. Entity
  2. Header
  3. Template

All three details are mandatory to send an SMS. They are stored on the DLT platform (blockchain based), which is accessed by Telecom Operators (Airtel, Vodafone Idea, Jio, Tata Communication, BSNL, MTNL, etc).

SMS is pushed using an API or web portal provided by Tele-Marketers.

The Vulnerability:

The three unique identifiers needed to send A2P SMS are highly confidential. They are held mainly by two entities:

  1. DLT — Telecom Operator
  2. Tele-Marketer (SMS Partner) :: Unregulated Entity

If the database server or system of a Tele-marketer is compromised by an adversary, the three unique identifiers can be used at any tele-marketer to send SMS on your behalf.

How easy is it?

Since Tele-Marketers are unregulated and are onboarded by Telecom Operators, they implement weak security mechanisms at the API and portal level.

Also, due to the absence of strict guidelines on due diligence while onboarding a customer at the Tele-marketer level, no one will question the ownership of an SMS header when stolen credentials are provided.

The Fix

  1. Bring Tele-Marketers under the ambit of regulations.
  2. An additional authentication mechanism needs to be introduced which will ask for re-authorization in case of Tele-Marketer change.
  3. Heavy penalty on lapses seen in Tele-Marketer / Telecom operator.
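
A sketch of fix 2, added here as an illustration and not taken from any DLT platform or operator: the registry binds each header to the tele-marketer it was registered through, and a submission arriving via any other tele-marketer is held until the header owner approves that specific change. The class, method names, sample ids and the HMAC-based owner approval are all assumptions made for the example.

```python
import hashlib
import hmac
import secrets


def owner_proof(owner_key: bytes, challenge: str, tm_id: str) -> str:
    """Header owner's approval of one specific tele-marketer change."""
    msg = f"{challenge}|{tm_id}".encode()
    return hmac.new(owner_key, msg, hashlib.sha256).hexdigest()


class HeaderRegistry:
    """Hypothetical operator-side registry; not a real DLT platform API."""

    def __init__(self):
        self.bound_tm = {}   # (entity_id, header) -> authorized tele-marketer
        self.owner_key = {}  # entity_id -> secret shared only with the owner
        self.pending = {}    # (entity_id, header, tm_id) -> one-time challenge

    def register(self, entity_id, header, tm_id):
        self.owner_key[entity_id] = secrets.token_bytes(32)
        self.bound_tm[(entity_id, header)] = tm_id
        return self.owner_key[entity_id]  # delivered to the owner out of band

    def submit(self, entity_id, header, template_id, tm_id):
        """Return (decision, challenge). Knowing the three ids is not enough."""
        bound = self.bound_tm.get((entity_id, header))
        if bound is None:
            return "rejected", None
        if bound == tm_id:
            return "accepted", None
        # Valid ids arriving via a different tele-marketer: hold the message.
        # In practice the challenge goes to the owner, not to the submitter;
        # it is returned here only so the example can be exercised.
        key = (entity_id, header, tm_id)
        self.pending.setdefault(key, secrets.token_hex(16))
        return "held", self.pending[key]

    def reauthorize(self, entity_id, header, tm_id, proof):
        """Rebind the header only if the owner signed this exact change."""
        challenge = self.pending.get((entity_id, header, tm_id))
        if challenge is None:
            return False
        expected = owner_proof(self.owner_key[entity_id], challenge, tm_id)
        if not hmac.compare_digest(expected, proof):
            return False
        del self.pending[(entity_id, header, tm_id)]  # challenge is single use
        self.bound_tm[(entity_id, header)] = tm_id
        return True
```

With this check in place, identifiers leaked from one tele-marketer's database do not by themselves let a sender push messages through another tele-marketer.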

Regulatory Reference : https://trai.gov.in/sites/default/files/RegulationUcc19072018.pdf
