5G messages are not safe either? Will the SMS business die out if it is hit hard again?

[[348875]]

This is not the first time that 5G has been hit by security vulnerabilities. At the end of last year, researchers from Purdue University and the University of Iowa discovered multiple security vulnerabilities in 5G networks through research. These vulnerabilities could allow hackers to easily obtain the victim's call and text message records.

Recently, at the GeekPwn 2020 International Security Geek Competition, Tencent Security Xuanwu Lab demonstrated a latest 5G security research finding: by exploiting the design problem of the 5G communication protocol, hackers can "hijack" the TCP communication of any mobile phone under the coverage of the same base station, including all kinds of SMS sending and receiving, App and server communication. This is another critical blow to the recently controversial SMS business!

In fact, this is not the first time that 5G has exposed security vulnerabilities. At the end of last year, researchers from Purdue University and the University of Iowa discovered multiple security vulnerabilities in 5G networks through research. These vulnerabilities can allow hackers to easily obtain the call and text message records of the attacked.

5G appears to be no more secure than 4G

In the past, whenever we suffered from spam text messages and telecom fraud, we often comforted ourselves: everything will be fine when 5G comes. After all, both telecom equipment manufacturers and telecom operators have told us that 5G networks are definitely safer than 4G networks. There are many reasons for this, for example, 5G introduces user permanent identifiers and user hidden identifiers, which can encrypt user identity information, better resist network attacks, and ensure personal privacy security.

But from the reality, the security issues of 5G networks are gradually being exposed, and the SMS service is the first to be affected!

SMS verification codes become the target of public criticism

For a long time, "SMS verification code" has become the main channel for everyone to authenticate their identity in cyberspace. Using mobile phone number + verification code, you can complete many important operations, such as quick login, changing passwords, transferring money, paying, applying for loans, etc.

However, due to the security loopholes in SMS, in many cases, SMS verification codes do not play the role of identity authentication at all. Instead, they become loopholes that black industries can exploit, causing property losses to users.

We still hope that in the 5G era, SMS services can completely fill security loopholes, become a more trustworthy identity authentication tool, and revitalize the market. Operators also want to make the information business in the 5G era a new entrance to the mobile Internet. The three major operators have jointly created 5G new messages, upgrading the original simple text information to rich media information including pictures, videos, text, etc., and are ready to do a big job!

But from the reality, the situation is not so optimistic. Although patching security vulnerabilities is not a complicated problem, the scary thing is that it is difficult for operators to find vulnerabilities in advance and fix them. The volume of 5G standard documents is very large, and it is very difficult to find vulnerabilities in an ocean of tens of millions of words. It is difficult for operators, but for those black industry practitioners with ulterior motives, they have enough motivation and patience.

Will the SMS business die out?

Judging from the data, the SMS business seems not only to be not dying out, but to be thriving - according to China Mobile's data for the first three quarters, the number of SMS messages reached 713 billion, a year-on-year increase of 15.5%, maintaining a good growth trend, and its contribution to the overall revenue cannot be ignored.

This seems to be very different from our actual usage perception. Ten years ago, we might have sent dozens of text messages every day, but today we may not actively send a text message in a year. Then why has the usage of text messages increased? The reason is that the SMS verification code is currently the most important means of identity authentication. Whether it is website registration, password retrieval, or third-party payment, transfer and remittance, it needs to be implemented through SMS verification. The SMS verification code security procedure seems to have become a must for all Internet companies.

Will this good situation continue?

This may be the best situation for the SMS business. SMS verification codes seem to have monopolized the huge market of Internet identity authentication. Even if you want to log in to WeChat again, you may need to use SMS verification codes. But will this good situation last? Or, will SMS create greater glory after it is transformed into 5G new messages?

I believe that the frequent security incidents are undermining the authority of SMS as a means of identity authentication. In fact, SMS services are not designed for identity authentication based on product design logic. In this case, once another more secure and reliable identity authentication tool appears, SMS will be quickly replaced.

As for whether 5G new messages can become a new era of SMS business? Sorry, I really have no hope for this business that has much hype but little results.