What is SMS Bombing and how to stay safe from this form of harassment

by admin


One of our colleagues recently woke up to hundreds of OTP messages from food delivery platforms like Zomato, Zepto, and Licious, all within a span of a few hours. He had just become the victim of what is called SMS Bombing where a user’s number is bombarded with a large number of messages or even OTP calls within a very short period of time with a clear intention to harass a user and disrupt the normal working of a device.

Mehul Bhandari, 32, a software developer based in Vapi tells indianexpress.com that he was bombarded with hundreds of OTP messages from Flipkart, Apollo, Snapdeal, and ok credit. “For several days, I would get hundreds of OTP SMS, and it would irritate me.” He even tried registering a complaint with the cyber police, but that didn’t stop the spam messages. “Ultimately, I researched and downloaded the app, and blacklisted by number.”

These pranks are run using freeware and their apk files available to download online. Some of the popular SMS bombing apps are SMSBomber, BombItUp, and TXTBlast among others.

Some of the popular SMS bombing apps are SMSBomber, BombItUp, and TXTBlast among others. (Express Photo)

According to Sourajeet Majumder, an independent cyber expert, in most cases, these websites use vulnerable API points of other firms which are actually used to send OTPs, and texts to legitimate users for login, password reset etc. “However, attackers exploit these APIs by making GET/POST requests with their scripts which in turn automates the sending of messages and helps them to perform SMS bombing attacks.”

It is very easy to use SMS bomber tools. Users have to just enter the number, and value (how many messages you want to send), hit the submit button and wait until the success alert.

Legal experts believe using SMS bombers qualifies as a form of harassment. “Such apps/websites do not have a proper privacy policy or terms of service. Although it calls itself a tool for fun, this has the potential to create immense harm. Incessant messages can be a nuisance for the person targeted. This can be easily used to harass persons. However, the terms of service state that it can be used only on friends and family and with consent, but there is no way to monitor this,” said Prasanth Sugathan, Legal Director at SFLC.in.

Majumder advises that a number of websites which provide SMS Bombing facilities also provide options to protect your number. “Once a number is saved in the protection list, one cannot use that particular website to SMS bomb you.”

Meanwhile, users can try anti-SMS Bombers which are tools that automatically block the incoming messages from a particular sender if an OTP or same SMS occurs more than three times. “Users can also try reaching out to the security teams of the firms from whom they are receiving the messages. This might help the firm to patch the vulnerable API which will, in turn, make it impossible for attackers to use it for SMS Bombing,” he added.





Source link

Related Posts

Leave a Comment