SMS Gateways and security

I heard through the media today that my credit cards might have been compromised. A bunch of hackers (the kind that waste air on this planet) managed to get their hands on credit card databases located on commerce sites which didn’t have adequate security mechanisms in place. These hackers then proceeded to publish this information so it can further be used by other air wasters.

So what has all this got to do with SMS Gateway service providers ?

Well, I happened to come across a very interesting article published in the December 2008  issue of the Journal of Computer Security titled ”Exploiting Open Functionality in SMS-Capable Cellular Networks”.

In general, the Internet is not a very secure ecosystem. It provides at least the same degrees of freedom the real world does, the kind that on one hand enable constructive forces to create amazing things and on the other enables destructive forces to make life harder for everyone else.

The world of telephony comes from a different culture. Controlled by tightly standardized protocols, centralized management and registered players causes the amount of foul play in this ecosystem to be drastically smaller than the levels seen on the public Internet.

As you might know, SMS Gateway service providers connect between the Wild West of the Internet and the organized world of telephony systems by closing business agreements with mobile network carriers. These carriers enable the SMS Gateway provider to receive bulk SMS requests from the public Internet and to then transfer these requests to the SMSCs of the mobile network carriers (the SMSC is the SMS Center, used by the mobile network carrier to store and dispatch the messages eventually to the base stations and the remote mobile phones).

So in terms of security, what happens is that this connection brings the security hazards of the Internet (in the form of easier anonymity, easier access to operate the service, easier access to massive delivery throughput) right to the doorstep and through the door into the domain of the telephony networks.

The article demonstrates how in this situation, using SMS Gateways a malevolent individual has “the ability to deny voice service to cities the size of Washington D.C. and Manhattan with little more than a cable modem”

See – if everyone purchased their own SMS Gateways – we wouldn’t be under this threat… :-)



Leave a Reply

Your email address will not be published. Required fields are marked *


You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

© SMS Gateways