Call Sms spam: Online calls and sms bombers

-

 


It would appear that SMS bombing (also known as Text bombing) doesn't seem to have a definition that all experts agree upon. Many of the hits you get on Google will tell you that SMS bombing is the act of using an automated tool to send a large number of text messages to a single person in a short period of time. Apparently, people think that this is a very funny practical joke.

For some, however, SMS bombing is far more than a hilarious prank. Certain experts say that the sending of pre-composed texts to many different phone numbers can also be classified as SMS bombing. As you might have guessed already, having the ability to reach a large number of people with the click of a few buttons can help with a variety of different tasks, including the marketing of a product or a service. In other words, some people make a living out of SMS bombing.

SMS bombing and security

The fact that there is no agreement on what SMS bombing actually is means that it's also difficult to say how it can affect the people who are on the receiving end of it. Normally, when you want to prank someone, you tend not to put their security at risk which means that, for the most part, annoying a friend with a vast number of texts sent very quickly shouldn't be that dangerous. That being said, Google has banned some SMS bombing applications because they have been used for bullying and harassment.

SMS spam is not possible without an automated SMS bombing tool. Sending unsolicited (and/or fraudulent) text messages is nowhere near as prevalent as spamming through email, but it is just as dangerous.

So, in a word, yes, people engaged in SMS bombing can put you in harm's way. They can do it in more ways than one.

When SMS bombing crews mishandle your data

To send text messages to many people, you obviously need many phone numbers. As security researcher Bob Diachenko found out recently, however, in addition to their contact details, the people behind some SMS bombing operations like to gather a bit more information about the recipient of their texts.

The biggest folder was named "leads", and it held a smidge over 80 million records. Within each record, he found an email address (MD5 hashed), a first and a last name, a physical address, a phone number and the name of the cellular provider, an IP address, and a line type. The name of the database was ApexSMS which coincides with the name of an SMS bombing tool that is widely advertised on hacking forums and marketplaces for black hats.

Names and admin addresses in the database led Whittaker to a few advertising companies who were quick to deny any wrongdoing. He remains skeptical but says that the legality of the whole operation is "for the courts to decide".

It's unknown how whoever created the database got their hands on all that information. What we do know is that shortly after Bob Diachenko found it, it was taken down and is no longer publicly accessible. We also know that this is the latest in a long line of incidents which prove that both legitimate companies and scammers don't do enough to protect people's data.


Here the few sites links

Link 1

Link 2

Link 3

Link 4

Link 5


Comments

Post a Comment

Popular posts from this blog

Mobexler: Os built for Pentesting

-
Image
  Mobexler Mobexler is a customized virtual machine, based on Elementary OS, designed to help in penetration testing of Android & iOS applications. Mobexler comes preinstalled with various open-source tools, scripts, prerequisites, etc. which are needed for security testing Android & iOS application. Mobexler is  unique  for several reasons: O ne platform capable of managing Android Device/emulator and iOS devices, both at the same time. Comes preinstalled with various updated tools that are needed for security testing. Tools like MobSF are run inside a docker container, which ensures that it is easier to download the newer versions. Running MobSF in the container also gives the capability to perform static analysis on IPA, which otherwise requires Xcode tools. iOS devices can easily be connected through USB and various tools can be used to perform the testing, like Frida, Objection, Hopper, etc. Free for everyone to use. Default Configuration OVA file size: ~16GB...
Read more

Frida: Hook methods

-
Image
  💉 Frida's Gadget Injection on Android: No Root, 2 Methods You will learn  Method 1 :  If targeted APK contains any native library ( <apk>/lib/arm64-v8a/libfromapk.so ), then you can inject  libfrida-gadget.so  as a dependency into the native library. Method 2 :  If APK doesn't contain a native library, then you can inject  System.loadLibrary  bytecode. Basic use case:  you've got a third-party APK (Android application package), and you want to debug/trace/explore/reverse-engineer it, and you have your personal Android phone which you don't want to root. It means you need Frida's Gadget. How it basically works Note: where to get an APK Google Play doesn't allow you to download APK directly. If you decide to analyze some APK, but you haven't got one yet, you have a bunch of options then:  https://www.google.com/search?q=download+apk . https://apkpure.com https://apkmirror.com https://apkcombo.com etc. Method 1: Inject a libfrida-...
Read more

Charles: http/https proxy

-
Image
  Chalres Proxy: Able to interpret , Interrupt both http/https and websocket all Charles is an HTTP proxy / HTTP monitor / Reverse Proxy that enables a developer to view all of the HTTP and SSL / HTTPS traffic between their machine and the Internet. This includes requests, responses and the HTTP headers (which contain the cookies and caching information). What Is Charles Proxy? Charles Proxy is a web debugging tool that monitors the network calls and decrypts the web traffic. It helps in understanding the content in your network call. E.g. Requests sent to the server and data fetched from the server etc. This network debugging tool can read the web traffic of Windows, Android and IOS devic es. Configuration Of Charles Proxy On Windows / Mac OS Charles Proxy sits between you & the server and monitors all network calls.  For example,  if you are searching for something on Google, then your machine should make a call to the Google server with the search query. Charles ac...
Read more