Is it specifically something about SMS protocol, the proprietary software used t

Question

Is it specifically something about SMS protocol, the proprietary software used to do message routing, or perhaps an ACL on the server? I would imagine that a gateway accepting emails from anywhere that were then sent via SMS would check the from field on any incoming message against RFC5322, but then again this is clearly not the case since some gateways allow any message through, allowing for spoofing.

Can someone explain where in the entire process this is weak, and why? Also why do they not fix things like this?

Explanation / Answer

There is nothing wrong with SMS. Let's reverse engineer, and redesign the whole network as if to protect communication between two people.

1) Let's make it a point-to-point communication network where there's a salt known only to the sender and receiver and the phone numbers are encrypted. This prevents spoofing and/or spam.

2) the gateway itself only has one instance, and that instance is secured by at least 256 bit encryption, and is physically isolated from other equipment and tampering. To ensure that endpoint device theft isn't an issue, offline mode is disabled.

3) A one-time phone number can be used to send SMS to users outside of this secure environment restricting the original phone number from being harvested or spoofed.

4) Phone number blocks all SMS's for numbers not on contact list. . . . . Now, we forward engineer about 20 years, scale it using enteprise and off-the-shelf equipment and call it Snapchat (and hack off the group messaging feature). It's now more secure than President Obama's Blackberry, but still isn't impervious to jealous girlfriends, wives, and screen shots.

Related Questions

Navigate

• Browse (All)
• Browse I
• Subjects

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.