Eavesdropping on SMS Messages inside Telco Networks
FireEye reports on a Chinese-sponsored espionage effort to eavesdrop on text messages:
FireEye Mandiant recently discovered a new malware family used by APT41 (a Chinese APT group) that is designed to monitor and save SMS traffic from specific phone numbers, IMSI numbers and keywords for subsequent theft. Named MESSAGETAP, the tool was deployed by APT41 in a telecommunications network provider in support of Chinese espionage efforts. APT41’s operations have included state-sponsored cyber espionage missions as well as financially-motivated intrusions. These operations have spanned from as early as 2012 to the present day. For an overview of APT41, see our August 2019 blog post or our full published report.
Yet another example that demonstrates why end-to-end message encryption is so important.
me • November 7, 2019 7:10 AM
i have created an iot device to remotely control my heating system and i have signed&encrypted my sms (using fernet).
i now see a strange behavior: there are ghost sms appearing.
the program is designed to check for new sms, decrypt, do something, save to disk and delete.
the problem is that sometimes it reports “new” incoming sms that are in fact not new. luckily i designed my system to prevent replay attacks.
i just don’t get if these “ghost” sms are really sent from the mobile phone operator or it’s a bug in the sim or 3g router.
has anyone ever experienced deleted sms reappearing?
if you try to read a deleted sms most of the time the modem (using at commands) returns “error” because there is no sms.
but sometimes it returns the deleted sms.
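One way a receiver can reject re-delivered ("ghost") Fernet-protected SMS commands, shown as an added example that is not the commenter's code or part of the original post. It authenticates the token and reads its timestamp per the Fernet token layout before any decryption. The `ReplayGuard` and `constructed_token` names, the 300-second window and the sample token are assumptions made for illustration.

```python
import base64, hashlib, hmac, struct

MAX_AGE = 300  # seconds a command stays valid (assumed policy)

class ReplayGuard:
    """Authenticate a Fernet token, then reject stale or already-seen ones."""

    def __init__(self, fernet_key: bytes, max_age: int = MAX_AGE):
        raw = base64.urlsafe_b64decode(fernet_key)
        if len(raw) != 32:
            raise ValueError("Fernet key must decode to 32 bytes")
        self.signing_key = raw[:16]  # Fernet: first half signs, second half encrypts
        self.max_age = max_age
        self.seen = {}               # SHA-256 of token -> token timestamp

    def check(self, token: bytes, now: int) -> str:
        try:
            data = base64.urlsafe_b64decode(token)
        except ValueError:
            return "malformed"
        # version(1) | timestamp(8) | IV(16) | ciphertext(16*n, n>=1) | HMAC(32)
        if len(data) < 73 or data[0] != 0x80 or (len(data) - 57) % 16:
            return "malformed"
        body, tag = data[:-32], data[-32:]
        expected = hmac.new(self.signing_key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return "bad-signature"
        (ts,) = struct.unpack(">Q", data[1:9])
        if abs(now - ts) > self.max_age:
            return "stale"           # an old SMS resurfacing long after it was sent
        # Entries older than the window can be dropped: such tokens are now "stale".
        self.seen = {d: t for d, t in self.seen.items() if now - t <= self.max_age}
        digest = hashlib.sha256(data).digest()
        if digest in self.seen:
            return "replay"          # same SMS delivered again inside the window
        self.seen[digest] = ts
        return "accept"              # only now hand the token to Fernet.decrypt()

def constructed_token(fernet_key: bytes, ts: int) -> bytes:
    """Constructed sample: valid Fernet framing and HMAC, placeholder IV/ciphertext."""
    body = b"\x80" + struct.pack(">Q", ts) + bytes(16) + bytes(range(16))
    key = base64.urlsafe_b64decode(fernet_key)[:16]
    return base64.urlsafe_b64encode(body + hmac.new(key, body, hashlib.sha256).digest())

if __name__ == "__main__":
    key = base64.urlsafe_b64encode(bytes(range(32)))  # constructed key, not a real secret
    guard, tok = ReplayGuard(key), constructed_token(key, 1_573_110_600)
    for now in (1_573_110_610, 1_573_110_650, 1_573_114_200):
        print(now, guard.check(tok, now))
```

The `seen` table lives in memory here; a device that reboots would need to persist it (or a last-accepted timestamp) to keep rejecting replays inside the window.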