Users login

Create an account »

JOIN XATRIX

Users login

Home » Hacking News » Spamming through SMS

Spamming through SMS

by Phiber on February 16th, 2001 Any html or javascript included in a GSM SMS (short message service) message, sent or recieved, will be activated when a person enters the page with the message on it (Inbox or Outbox)....


Impact - spamming

I havenīt tested this, but in theory it is possible for spammers with a SMS spam program to send messages, including the meta refresh code, to all of the users of mtnsms.com. The result would be that when a member enters their inbox he or she will directly be sent to the website chosen by the spammer. It will also be very difficult, specially if a high speed connection is used, to remove the spam for the user.



Impact - individual/mass sabotage

Instead of spamming, the sender could include malicious code in the message causing the browser to crash or the computer to freeze. One method is to include the meta refresh code, sending a member
to a webpage with, for example, the "Self Referenced Frames Crash" which affects various o/s and/or the "Invalid WAVE Crash" (Bugtraq June 1999).



Impact - sender generated

The really annoying part when it comes to security is that the users themselves often cause more
problems then outside attackers. This is the issue here as well. If a user sends a message containing
code, the code will activate when the users visits the Outbox page.



Contributed by Thomas Sjorgen on a Bugtraq mailing list


Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.

Contact

Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »