Sending Out an SMS - Characterizing the Security of the SMS Ecosystem with Public Gateways

Explore the security implications of the SMS ecosystem and public gateways in this 15-minute IEEE conference talk. Analyze the findings from a longitudinal study of nearly 400,000 text messages sent to public online SMS gateways over 14 months. Discover the vulnerabilities in benign services sending sensitive plaintext data and implementing low entropy one-use codes. Gain insights into SMS spam prevalence and behaviors indicating the use of public gateways to evade account creation policies requiring verified phone numbers. Examine the challenges in combating phone-verified account fraud and the difficulties in detecting and preventing such evasion. Learn about the ethical considerations, one-time password (OTP) verification codes, misuse of personally identifiable information (PII) in SMS, and various forms of abuse including spam, phishing, and geo-fencing messages.

Intro
SMS Ecosystem
Public Gateway
Ethics
OTP/Verification Codes
Misuse: Pll in SMS
Abuse: Spam and Phishing
Abuse: Geo-Fencing Messages to
Abuse: Phone Verified Accounts OF
Takeaways