So the complaint is that no one tells the world about the insecurity of text messages. And the blame is laid on a network provider.<p>This is wrong. First of all I think it's a bad idea to jump on the (valid!) privacy complaint against O2 in the UK with this unrelated thing. Second, as many pointed out already: This is not a problem of any carrier.<p>So your peers are surprised if you send a text message from their mum's number? Sure, understandable and maybe that needs to be fixed. But your carrier is not responsible for that in my world, just as yahoo/google etc. cannot protect you from most spoofs in the mail world.<p>And - gasp! - you can do similar things with a call (ever noticed that Skype offers to call 'from your number'?).<p>If the article wouldn't hijack a real issue _and_ wouldn't blame the wrong target, then I think there's a valid point somewhere in there: We, the technical crowd, should find a way to educate people around us about inherent trust issues. But that should be a constructive project, not mud slinging.
This is not the fault of any one network; it's a fact of life when it comes to SMS. You can have all kinds of fun, whether it's messages that appear to be from you, your friend, or 11 characters of your choice, an SMS that will only display without being stored, or even a voicemail notification.<p>There's a nice guide to the format here:<p><a href="http://www.dreamfabric.com/sms/" rel="nofollow">http://www.dreamfabric.com/sms/</a>
This is just silly. Anyone who has industry experience knows that it's trivially possible to spoof SMS phone numbers. Just like with email, it's possible to make the system more secure but given the margins associated with SMS, not likely.<p>For a clear example, imagine that I'm roaming in Zimbabwe with my UK cellphone. I send an SMS through the Zimbabwe carrier. It (eventually) arrives to the UK recipient network, ready to be delivered. That network could do some form of verification, but as they only get the final billing tally a few days or weeks later from the Zimbabwe ISP, they don't have enough information to do so.<p>It would not make any sense for the carriers to do SMS verification. And given that emails are far easier to get people to click on links to phishing and malware sites, spoofing SMSs has limited value.<p>Also, did you know that I could phone you and claim to be someone else?
The SMS service that I use to send messages has an option to send an SMS 'from' any number I choose and it works nicely.<p>I can send messages 'from' anyone I want - and we actually use this feature to facilitate a user to easily get replies to her messages sent directly to her phone.
Just so you know, this is what Orange had to say about the site <a href="http://www.hoaxmail.co.uk" rel="nofollow">http://www.hoaxmail.co.uk</a>:<p>Hi Richard<p>Although I can understand why you may be concerned over the potential misuse of the below site, this is a third-party service which is independent of Orange and we would have no control over its existence.<p>If you have received an offensive or questionable message from this service, you can report this to them for investigation via <a href="http://www.hoaxmail.co.uk/help/faq.php?ref=H13" rel="nofollow">http://www.hoaxmail.co.uk/help/faq.php?ref=H13</a> .<p>I hope this helps!<p>Darren
Orange Helpers
Sorry but this is a null issue, I have Text message APIs that allow me to specify the sender ID. I understand your app is sexy in that it works off the phone but anyone with a few pounds can do this.<p>Text message spoofing is easy, CLI spoofing is the "cool" thing todo, and if you can spoof the Passert ID then you are gold
There is lots of people saying that filtering SMS would be impractical for carriers. Could you explain why that is? Wouldn't it be relatively trivial to check if the number in the SMS header matches the number of the SIM card sending the message?
To be clear, I am well-aware this is not a new issue. However, in the context of the Leveson enquiry into phone "hacking" and O2's recent blunder, I think it is a great time to revisit this issue.