SMS non-hole discovered by CEO of Draym in Belgium

Link: Expatica – Living in, moving to, or working in Belgium, plus News in English

Fabrice Myard, the CEO of Draym, a Belgian company that hosts websites, has demonstrated how SMS can be sent using someone else’s number and at the person’s expense with a simple programme available to users online.

All the operators are concerned that the simplicity of the programme could result in large-scale fraud.

Fabrice Myard uses SMS and had, from another phone, used his caller ID to unlock his company’s servers remotely. He had searched for the programme to do this as he had misplaced his mobile phone. He managed to unlock the server in less than 20 minutes.

He only appreciated the gravity of this shortcoming of the SMS system later and reported the programme to the authorities.

The dynamic originator, offered by nearly every mobile services company…

About Ewan

Ewan is Founder and Editor of Mobile Industry Review. He writes about a wide variety of industry issues and is usually active on Twitter most days.

  • loopy

    “All the operators are concerned that the simplicity of the programme could result in large-scale fraud”.

    PLEASE REWRITE: “All the operators [using so many external consultancy staff] are concerned that they do not have control of their own ‘carrier grade’ networks that a simple invasion programme can cause SO MUCH worry to them and expose the MASSIVE holes in their service”.

    It will come as no surprise to the operators that the issue they now face concerning such potential invasive techniques, will soon disappear when they are relegated to the position of ‘chief pipe stewards’ for the daily upkeep of network pipes so that the nimble IP based companies which supply everything that the mobile users want [at a price they want to pay] will ensure that such simple matters are taken care of within the time needed.

    PS. Fabrice must be talking about Proximus, they are ARSE………………..

  • njar

    I don’t get what’s happened here? Doesn’t sound like he’s using dynamic headers only. That would account for making the SMS look like it had come from a particular number, but doesn’t explain the charging to someone else’s account? Sounds more like he’s hacked (inadvertently or otherwise) a carrier SMSC, and managed to submit messages from a certain MSISDN to go out directly from the carrier.
