sms forging xplendor

7/29/2019 SMS Forging Xplendor

1/21

SMS Forging & Countermeasures

By

Sunny Vaghela

[email protected]


2/21

Session Flow

SMS Introduction

SMSC Overview SMS Routing in GSM

SMSC Implementation

SMSC External Interfaces

SMS Types CIMD 2.0

MO-MT,AO-MT Routing

SMS Spamming

SMS Forging

Solutions


3/21

SMS & SMSC Overview

SMS is a globally accepted wireless service that enables the

transmission of alphanumeric messages between mobile subscribersand external systems such as e-mail, paging and voice mail systems.

SMSC is a server which serves as a main controller for routing of

Short messages and for storing and forwarding of SMS.

Reasons why SMSC is required? Routing of SMS Temporary storage

Retries Value added service on SMS Interconnect mechanisms for various services like Paging, VMS,E-mail, etc.


4/21

SMS Routing in GSM


5/21

SMSC Implementation

There are two ways to implement the SMSC server in GSM network.

1. SMSC server itself having Gateway functionality.

2. SMSC server only for storing and forwarding and MSC is having

Gateway functionality.


6/21

SMSC - 1

In this set up the SMSC server is connected to MSC via ss7 signaling

links and talks on MAP layer.

The SMSC server itself performs the SMS routing functionality and

sends and receives MAP layer messages.

Advantage

Since the SMSC itself is doing the routing, it becomes very easy to

troubleshoot various SMS routing related problems.

Disadvantage

High number of signaling links required to handle high SMS traffic.

Hence it requires costly SS7 cards and stacks in the SMSC server itself.


7/21

SMSC - 2

In this set up the SMSC is connected with MSC on TCP/IP links.

This set up with Nokia SMSC is only possible with Nokia MSC. It isnot supported with other vendors MSC.

Advantage:

Very less number of TCP/IP links can cater to very high SMS traffic.

Disadvantage:

The functionality of SMSC server is restricted to only store andforward. It is also very difficult to resolve routing related

functionalities as MSC is doing the same.


8/21

SMSC External Interfaces


9/21

SMS Types

Mobile Originated SMS

Mobile Terminated SMS

Application Originated SMS

Application terminated SMS


10/21

MO MT & AO-MT Routing


11/21

MO MT & AO-MT Routing


12/21

SMS Spamming

In case of MO-MT SMS,Private SMS providers tries to spoof SDCCH

Channel.

They Spoof MSC Address which will used to authenticate to Nokia

SMSC.

After getting Access to Nokia SMSC, they will send Thousands spoof

SMS from random sender id.


13/21

SCCP/SDCCH Address info

0791 7283010010F5 040BC87238880900F10000993092516195800AE8329BFD4697D9.

07- Length of the SMSC information (in this case 7 octets)

91 - Type-of-address of the SMSC. (91 means international format ofthe phone number)

72 83 01 00 10 F5- Service center number(in decimal semi-octets).The length of the phone number is odd (11), so a trailing F has beenadded to form proper octets. The phone number of this servicecenter is "+27381000015".

04- First octet of this SMS-DELIVER message

0B-Address-Length. Length of the sender number (0B hex = 11 dec)

C8-Type-of-address of the sender number72 38 88 09 00 F1- Sender number (decimal semi-octets), with atrailing F.


14/21

SMS Forging

SMS Forging is the Technology which anyone can send SMS from

any number of their choice.

This is made possible due to AO-MT feature of SMSC.


15/21

SMS Forging

When SMS is sent using application, it is routed throughinternational gateways.

Message id of SMS is spoofed at International gateway.

Finally SMS is routed to destination SMS Center number.

As there is no authentication system, it is sent to destinationnumber with spoof ID.


16/21

SMS Forging

Live Demo


17/21

Solution for MO-MT Spam/forging


18/21

Rules Based Filtering

Rules_orig_int file is defined for filtering the SMS coming from the

Pvt Gateways with the virtual MSC Id.

It checks for the IMSI as well as MSISDN.

If anything found fishy, it simply reject the message.

MNP feature is included for future purpose.

If MSISDN & IMSI not found for MO SMS then,

$>SMSC3>rules_orig_int

&&


19/21

Solution for AO-MT SMS Spam/forging


20/21

Rules Based Filtering

Rules_dest_nat & rules_dest_int checks for the registered

application address.

If not found,it rejects the SMS.

If app address is not registered then,

$>SMSC3>rules_dest_nat

&&


21/21

Thank You

sms forging xplendor

Documents