Project Publications
LOCARD related articles have been published in high-rated journals and presented in top conferences. The following list depicts all articles published and presented from the beginning of the project.

On the Exploitation of Online SMS Receiving Services to Forge ID Verification

Abstract

Communication service providers (e.g., Whatsapp) enable users to connect with people around the world. These services have been widely adopted and used by millions of users, and such services have emerged as a replacement of the transitional calling and messaging. Unfortunately, these communication services have also been used to commit illegal activities and serious crimes. Therefore, service providers ask for user's phone/mobile number to verify the user's identity and to prevent misuses.

The Internet is full of freebie services. Short Message Service (SMS) receiving services/websites are one of them. These message receiving websites provide users with real phone numbers and allow them to receive messages. In this paper, we investigate whether these message receiving website have been used as a tool to forge identity verification - typically done using One Time Passwords (OTP) - required for account creation. In our initial investigation, we created and successfully verified accounts for several messaging/calling apps as well as for social networking sites/apps using these message receiving services. Motivated from these findings, we collected and analyzed over 900K unique SMS messages received (upon request of other users) on 18 SMS receiving websites. Our analysis of these messages shows that 82.34% received messages included an OTP. This situation is very alarming that demonstrates the tendency of people to evade identity verification to create online accounts. We also found that the majority (52.47%) of verification code were six-characters long while nine-characters long verification codes were the least used.


Authors: Md. Hajian BerenjestanakiMauro Conti; Ankit Gangwal

Date of Publication: August 2019.

Publisher: Association for Computing Machinery, New York, NY, United States.

Conference: ARES '19: Proceedings of the 14th International Conference on Availability, Reliability and Security.

Join the community
Follow us and stay connected and updated.
Slider
EU flag Copyright © 2020 LOCARD. All rights reserved. This project has received funding from the European Union’s Horizon 2020 Research and Innovation Programme under Grant Agreement nº 832735. This project reflects only the author’s view and the Commission is not responsible for any use that may be made of the information it contains.