Home > Research > Publications & Outputs > Mobile Terminated SMS Billing — Exploits and Se...
View graph of relations

Mobile Terminated SMS Billing — Exploits and Security Analysis.

Research output: Contribution in Book/Report/Proceedings - With ISBN/ISSNConference contribution/Paperpeer-review

Published
Publication date2005
Host publicationThird International Conference on Information Technology: New Generations (ITNG'06)
PublisherIEEE
Pages294-299
Number of pages6
ISBN (print)0-7695-2497-4
<mark>Original language</mark>English
EventIEEE Third International Conference on Information Technology : New Generations - Las Vegas, USA
Duration: 1/04/2006 → …

Conference

ConferenceIEEE Third International Conference on Information Technology : New Generations
CityLas Vegas, USA
Period1/04/06 → …

Conference

ConferenceIEEE Third International Conference on Information Technology : New Generations
CityLas Vegas, USA
Period1/04/06 → …

Abstract

This paper analyses mobile terminated (MT) SMS billing, an area of mobile commerce which has undergone massive growth with the maturation of mobile content delivery on 2.5G mobile networks. Although the short message service for GSM devices was never designed to be a facilitator for micropayments, premium SMS services have been embraced by many network operators worldwide. We investigate its inherent insecurity as a payment solution and show how existing systems can be used for fraud or to deceive users. From a UK perspective, we see how the standardisation of mobile platforms with J2ME combined with WAP delivery have enabled the rise of the mobile content industry, with premium SMS as the most method common of billing. Threats to the established business models are addressed, with particular attention paid to the potential for severe disruption from mobile (SMS) spam. Furthermore, we present attacks on MT SMS systems, showing how a malicious attacker could damage the mobile content industry by undermining consumer confidence in premium rate SMS payment solutions.