Can a hacker make an SMS text message look like you sent it to THEM?

Asked by Zaku (25742 points) March 13th, 2012

I know SMS text messages can be intercepted, and that one can send an SMS text message as if it were sent from someone else.

But what I am wondering is whether someone can change the TO number on a message someone did send, without physical access to the phone?

This happened: Victims A and B are texting each other. Victim A remembers replying to a text from victim B, but: Evil hacker C replies to that reply text from Victim A. Victim A looks at their reply the next morning, and it shows C’s phone number as the person it was sent to. B was at C’s house at the time, though A and C were not there, and were not together (unless C also has some sort of device at A’s house). So I see that C could have intercepted the message by having a device at C’s house set to intercept all traffic, or B’s traffic (which even seems likely), but could C also have changed A’s message to look like A sent it to C?

In other words, the script was:
B to A: Hi.
A replies to B: Hi, see you at 9.
C to A: Oh really?
A looks at their own message history, and sees it says they texted C, even though they can’t imagine how that could have happened even by accident.

(This is an actual situation that happened. Yes C is insane, has technical knowledge of security/hacking, and spies on B’s communications.)

Let’s say I am C. I make an email address with B’s phone number. I use Vtext to send a message to A. A will reply thinking it is from B, but C will get it.
I’d stop using SMS and start making direct phone calls. Your defense is to set up C for a fall. Make lots of false appointments with B. Discuss this setup off line. Got it?

Yes, that’s a good idea for a bait.

I can see how C could get A to reply to a fake message C sent as if he were B, but is it possible to spoof the headers so there is a “reply to” in SMS? Seems like it would need to appear to A as if it came from B, but have the reply go to C. Is that possible with SMS?

That is why the account name is the phone number of the person you want to spoof. Open a throwaway account at hotmail, yahoo or gmail using B’s 9 digit phone number. The From would have that address. If the name is B’s, that number will show. Taking this further, if C is a real psycho, C can open a throwaway account with B’s name. Then A would not have any idea what’s going on. That is why you need to mess with C now. Make the plans by phone or in person. Then sit back and enjoy.
Let’s meet tonight at Olive Garden. Tomorrow write “Sorry I couldn’t make it. Let’s meet at Friendly’s. Or the McD’s on the East side of town where nobody will know us.”

Wow. Very wild and thank you very much for explaining how that could be done! Shudder.

It gets better. Imagine C opens an email account in B’s name and sends you an email saying “I just opened this new account because the creep C might have hacked mine.” Two or three conversations back and forth and you would believe you were talking to B – or C thinks you believe you are talking to B. Then you can have some fun.
Shall we meet tonight at the motel we both liked so much last month? You remember, the one that starts with S? Don’t say the name in case anyone is reading.
And say nothing about the weekend with the twins. I still smile when I think about it. Please keep the videos our secret.
Got it?

