Years ago I had a bit of a tiff with my cell phone carrier. I was getting spam via SMS and they bluntly told me they had never heard of such a thing and had no idea how to stop it from happening. Since I was charged a fee per message, I assumed this problem would take a long time to resolve itself, and so I just lodged a formal complaint to my carrier and was forced to disable SMS and wait.
Here’s a guy who has an even bigger issue:
Bubrouski, a computer science major at Northeastern University in Boston, is the proud owner of ‘Null@vtext.com,’ an account on the popular Verizon text messaging service that allows Internet users to send e-mail and IM messages directly to his cell phone as SMS text messages.
Bubrouski said he was just being clever when he signed up for a Verizon vText account with the user name ‘null,’ after his parents bought him his first mobile phone during his freshman year at Northeastern, in 2001.
Ooops. Now he receives loads of unroutable SMS messages on his phone including information from people who forget to fill out the “to” field:
That data has become more sensitive in recent months, as companies rush to deliver everything from SAT test scores to medical information and automobile diagnostics to cell phones and PDAs.
Bubrouski’s experience, while unusual, could be a sign of growing pains in the wireless industry, as companies rush to provide wireless data services, overlooking steps that could secure the data in transit, according to one security expert.
Unbelievable, really, that the “null” account would be assigned to an end user in the first place, but even more shocking that messages can be sent without proper routing information.
The eWeek article is a fun overview on why SMS still needs a lot of security to be bolted on and perhaps even why it will require a major redesign or replacement in the near future.