Also, how many mums are going to text their kids? If they have a mobile, they are going to call, surely.
Genuinely curious... how is it not possible to respond to a text?
The SMS system has a very low security architecture.
You can use a paid bulk SMS service, which can message any mobile phone device with a carrier-assigned number on the planet, give or take a few oddities. I have used SMSglobal for automation of the house. I had my automation system sending me a message via SMSglobal about the garage door status so I don’t need to worry if it was down. When my son was an infant he just didn’t sleep; I found myself going to work with 20 minutes’ sleep for the night.
You can set any sender’s details using these SMS services when using one-way communication. Have you ever had an SMS arrive that didn’t have a number but just a name?
Quite literally you can set the sender field to anything; there is no banned or blacklisted word list, I believe.
Here is a screenshot from SMSglobal’s knowledge base how-to video. MXT is their web-based portal for SMS communication.
https://knowledgebase.smsglobal.com/en/articles/5178453-how-to-do-a-simple-sms-send-in-mxt
In this example the sender field is set to “SMSglobal”, but there is nothing stopping anyone using “mum”, “dad” or “ato”.
Telstra have started watching incoming data onto their SMS networks, looking at data source and banned words. One of the key issues is that the bulk SMS provider networks are fully integrated into legitimate business usage.
Let’s look at a small, real-world scenario. The local doctor’s appointment reminder system is using a bulk SMS service provider. Their admin software has many I/Os now via APIs (application programming interfaces). An API is a defined protocol for software package A to communicate with software package B. HotDoc, the website and phone app booking software, has an API that lets the medical clinic’s software talk to HotDoc’s central server to accept appointment bookings.
The medical clinic’s software is using a bulk SMS messaging system, like GlobalSMS, via an API to send the patient a confirmation SMS.
Fundamentally though, while spoofing sender identity is easy, it’s not the real risk.
The SMS system runs on the Signaling System 7 protocol. There are open-source, Linux-based packages out there for interacting with the SS7 system and reading SMSes, or even accepting the SMS and sending something else out to the recipient.
Think about banking 2-factor authentication using SMS. That one-time passcode sent via SMS is not secure. Our banking system is fucked.
Google “2FA sms banking”.
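A sketch of the kind of screening mentioned in the post above (checking the data source and watched sender names), as an added example that is not part of the original post and not Telstra's or any provider's actual filter. The watchlist, the sender registry, the gateway names and the message fields are assumptions; it also shows why a name-only sender cannot be replied to, since the field carries up to 11 characters of text instead of a number.

```python
import re

# Sender names the post lists as trivially spoofable (constructed watchlist).
WATCHLIST = {"mum", "dad", "ato"}
# Hypothetical registry: sender ID -> upstream sources allowed to use it.
REGISTERED = {"smsglobal": {"gw-a"}}


def sender_kind(sender):
    """Classify the sender field: 'numeric' senders can be replied to,
    'alphanumeric' ones (at most 11 characters in GSM) cannot."""
    s = sender.strip()
    if re.fullmatch(r"\+?\d{3,15}", s):
        return "numeric"
    if len(s) <= 11 and re.fullmatch(r"[A-Za-z0-9 ]*[A-Za-z][A-Za-z0-9 ]*", s):
        return "alphanumeric"
    return "invalid"


def screen(msg):
    """Return the list of reasons a message should be held for review."""
    reasons = []
    kind = sender_kind(msg["sender"])
    key = msg["sender"].strip().lower()
    if kind == "invalid":
        reasons.append("malformed sender field")
    if kind == "alphanumeric":
        # Free-text sender: compare against names nobody should send as.
        if key in WATCHLIST:
            reasons.append("sender name on watchlist")
        # A registered name is only trusted from its registered source.
        allowed = REGISTERED.get(key)
        if allowed is not None and msg["source"] not in allowed:
            reasons.append("registered sender ID from unexpected source")
    return reasons


# Constructed sample traffic (not real messages).
SAMPLES = [
    {"sender": "+61400000000", "source": "gw-b", "body": "Running late, see you at 6"},
    {"sender": "Mum", "source": "gw-b", "body": "Hi, this is my new number"},
    {"sender": "SMSglobal", "source": "gw-a", "body": "Your appointment is at 9:30am"},
    {"sender": "SMSglobal", "source": "gw-c", "body": "Your account is locked"},
]

if __name__ == "__main__":
    for m in SAMPLES:
        print(m["sender"], sender_kind(m["sender"]), screen(m))
```

A name watchlist only catches exact matches, so it complements rather than replaces the source check.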