The study investigates the threats posed by SMS origin spoofing to IoT devices. The SMS is used for remotely managing IoT devices. However, the originating number of an SMS can be spoofed, posing a risk to IoT devices by accepting commands from attackers. The study evaluated specifications of major cellular IoT gateways, verifying the authentication bypass hypothesis. The results showed that a significant number of products supported SMS-based remote management, and several implemented authentication based on the SMS originating number. It was demonstrated that one product could be exploited remotely through authentication bypassing by spoofing the originating number of the SMS.

 

Publication date: 19 Oct 2023
Project Page: Not provided
Paper: https://arxiv.org/pdf/2310.11052