This paper studies SMS/MMS spoofing through legacy email-to-text gateways.
The core finding is that we can spoof text messages between arbitrary phone numbers, directly into existing conversation threads on iPhone and Android, using only email.
The attack combines weak sender validation in carrier email-to-text gateways with how modern messaging apps merge conversations across iMessage, RCS, SMS, and MMS.
The issues reported in the paper have since been patched or mitigated by AT&T, Verizon, T-Mobile, Google Fi, several smaller carriers, Apple, and Google.
The core finding is that we can spoof text messages between arbitrary phone numbers, directly into existing conversation threads on iPhone and Android, using only email.
The attack combines weak sender validation in carrier email-to-text gateways with how modern messaging apps merge conversations across iMessage, RCS, SMS, and MMS.
The issues reported in the paper have since been patched or mitigated by AT&T, Verizon, T-Mobile, Google Fi, several smaller carriers, Apple, and Google.