Editing SMS (section)

== Vulnerabilities ==
[[File:SMS Phishing Attack Example.jpg|thumb|An example of a [[phishing]] attack through SMS, showing a fake message and URL claiming to be from [[Apple, Inc.|Apple]]]]
{{see also|Mobile security#Attacks based on SMS and MMS}}
The Global Service for Mobile communications ([[GSM]]), with the greatest worldwide number of users, succumbs to several security vulnerabilities. In the GSM, only the airway traffic between the [[Mobile Station]] (MS) and the [[Base Transceiver Station]] (BTS) is optionally encrypted with a weak and broken [[stream cipher]] ([[A5/1]] or [[A5/2]]). The [[authentication]] is unilateral and also vulnerable. There are also many other security vulnerabilities and shortcomings.<ref>{{cite conference |url=https://ieeexplore.ieee.org/document/4756489 |title=Solutions to the GSM Security Weaknesses |book-title=Proceedings of the 2nd IEEE International Conference on Next Generation Mobile Applications, Services, and Technologies (NGMAST2008) |pages=576–581 |location=Cardiff, UK |date=September 2008 |arxiv=1002.3175 |doi=10.1109/NGMAST.2008.88}}</ref> Such vulnerabilities are inherent to SMS as one of the superior and well-tried services with a global availability in the [[GSM]] networks. SMS messaging has some extra security vulnerabilities due to its store-and-forward feature, and the problem of fake SMS that can be conducted via the Internet. When a user is roaming, SMS content passes through different networks, perhaps including the Internet, and is exposed to various vulnerabilities and attacks. Another concern arises when an adversary gets access to a phone and reads the previous unprotected messages.<ref>{{cite conference |url=https://ieeexplore.ieee.org/document/4625610 |title=SSMS – A Secure SMS Messaging Protocol for the M-Payment Systems |book-title=Proceedings of the 13th IEEE Symposium on Computers and Communications (ISCC'08) |pages=700–705 |date=July 2008 |arxiv=1002.3171 |doi=10.1109/ISCC.2008.4625610}}</ref>

In October 2005, researchers from [[Pennsylvania State University]] published an analysis of vulnerabilities in SMS-capable cellular networks. The researchers speculated that attackers might exploit the open functionality of these networks to disrupt them or cause them to fail, possibly on a nationwide scale.<ref>{{cite conference |url=http://www.smsanalysis.org/smsanalysis.pdf |title=Exploiting Open Functionality in SMS-Capable Cellular Networks |book-title=Proceedings of the 12th ACM conference on Computer and communications security |pages=393–404 |date=7–11 November 2005 |location=Alexandria, Virginia, USA |doi=10.1145/1102120.1102171 |archive-url=https://web.archive.org/web/20090530001643/http://www.smsanalysis.org/smsanalysis.pdf |archive-date=2009-05-30 |url-status=dead}}</ref>

=== SMS spoofing ===
{{main|SMS spoofing}}
The only sure way of detecting and blocking spoofed messages is to screen incoming mobile-originated messages to verify that the sender is a valid subscriber and that the message is coming from a valid and correct location. This can be implemented by adding an intelligent routing function to the network that can query originating subscriber details from the [[home location register]] (HLR) before the message is submitted for delivery. This kind of intelligent routing function is beyond the capabilities of legacy messaging infrastructure.<ref>{{cite web|url=http://www.openmindnetworks.com/SMSSpoofing.asp |title=An overview on how to stop SMS Spoofing in mobile operator networks (September 9, 2008) |access-date=September 12, 2008 |url-status=dead |archive-url=https://web.archive.org/web/20080926182131/http://www.openmindnetworks.com/SMSSpoofing.asp |archive-date=September 26, 2008 }}</ref>

=== Limitation ===
In an effort to limit telemarketers who had taken to bombarding users with hordes of unsolicited messages, India introduced new regulations in September 2011, including a cap of 3,000 SMS messages per subscriber per month, or an average of 100 per subscriber per day.<ref>{{cite news |url=http://www.thejakartaglobe.com/asia/3000-sms-a-month-limit-in-india-from-today/467985 |archive-url=https://archive.today/20130204011520/http://www.thejakartaglobe.com/asia/3000-sms-a-month-limit-in-india-from-today/467985 |url-status=dead |archive-date=February 4, 2013 |title=3,000 SMS a Month Limit in India From Today |date=September 27, 2011 |author=Nirmala Ganapathy |newspaper=Straits Times Indonesia |access-date=November 10, 2011 }}</ref>  Due to representations received from some of the service providers and consumers, [[Telecom Regulatory Authority of India|TRAI]] (Telecom Regulatory Authority of India) has raised this limit to 200 SMS messages per SIM per day in case of [[Prepaid mobile phone|prepaid]] services, and up to 6,000 SMS messages per SIM per month in case of [[postpaid]] services with effect from November 1, 2011.<ref>{{cite web |url=http://www.trai.gov.in/WriteReadData/trai/upload/PressReleases/843/press_release_for_8th_amendmenet.pdf |title=TRAI extends the 100 SMS per day per SIM limit to 200 SMS per day per SIM |access-date=November 16, 2011 |url-status=dead |archive-url=https://web.archive.org/web/20111111163646/http://www.trai.gov.in/WriteReadData/trai/upload/PressReleases/843/press_release_for_8th_amendmenet.pdf |archive-date=November 11, 2011 }}</ref> However, it was ruled unconstitutional by the Delhi high court, but there are some limitations.<ref>{{cite news |url=http://www.thehindu.com/news/national/article2832402.ece |title=TRAI cap on SMS goes |newspaper=[[The Hindu]] |date=January 26, 2012 |access-date=February 24, 2013 |archive-date=December 12, 2012 |archive-url=https://web.archive.org/web/20121212073602/http://www.thehindu.com/news/national/article2832402.ece |url-status=dead }}</ref>