SMS Security Issues

03 min

On the last day of 2015, the pro-Ukrainian hacker group RUH8 congratulated the residents of Russia on the New Year in a rather original way by posting nearly 300,000 SMS messages from Russians online. The archive included dates, sender data, and the text of the SMS.

The released archive was accompanied by a message:

I want to remind Russians that there is nothing secret that would not become evident, nor anything hidden that would not become known, and I wish that your rudeness, lies, ignorance, lust, your betrayals, passions, mistakes, unfulfilled promises remain with you in the New Year! The FSB will not protect you, the Ministry of Internal Affairs will not protect you, the FSTEC will not protect you, and ***lo will not help. Rete nostrum, we are waiting for you in the network.

RUH8

Such episodes should be assessed by law enforcement agencies; I wanted to draw attention to the insecurity of SMS as a data transmission tool. SMS is perhaps one of the most dangerous ways to transmit information. Leaks of users' SMS messages to the network are alarmingly frequent – and, unfortunately, they occur for a variety of reasons.

The most notorious of such scandals was the leak of SMS sent from the mobile operator MegaFon’s website, which occurred in 2011. Many of you know that messages can be sent not only from a phone but also through websites. Moreover, in the latter case, there is no charge for sending SMS, which is why this method remains a fairly popular tool.

However, due to incorrect configuration of the robots.txt file and analytics tools on the MegaFon mobile operator's website, the Yandex search robot began to index SMS sent by users from the site, and they appeared in search results for the query url:www.sendsms.megafon.ru* | url:sendsms.megafon.ru*.

![](https://book-cyberyozh.ams3.digitaloceanspaces.com/1745412401881-Изображение 376.jpeg)

The problem was resolved quite quickly; however, a huge number of users' SMS messages ended up in the public domain, which caused a scandal that, if I remember correctly, was followed by lawsuits. Users of popular resources began to disseminate the content of the messages, discussing the most interesting texts.

In addition to operator websites, various third-party sites also provide the ability to send SMS from web pages. You can find them in the search engine by querying "send SMS." By using such sites, you transmit all the data, namely the recipient's number and the text of the SMS. Unlike operators, such sites care little about the security of this information: by collecting data, they usually either sell it or use it for advertising purposes.

Helpful?

Previous articleHow Hackers and Intelligence Agencies Hack VPNsNext articleSelf-Destructing SMS. Checking if Third Parties Read Our SMS

Stay in the loop

Subscribe to our updates so you never miss a thing.