Support for detecting silent SMS messages #113

Open
MatejKovacic opened this issue Mar 7, 2025 · 2 comments
Labels
heuristic Related to an existing or new type of CSS heuristic Research Questions This will require research into hardware for diag

Comments

@MatejKovacic

More info about silent SMS messages here:
https://github.com/MatejKovacic/silent-sms-ping

It would be nice if the device would be able to detect Type-0 messages as well.

@wgreenberg
Collaborator

i think this is a fine idea, although i'm curious about this point from your linked repo:

> It is important to understand that receiving silent SMS does not necessarily mean you are being targeted by some malicious actor. Silent SMS messages could be used for various technical reasons and receiving a silent SMS is not a good indicator of being targeted by your cell carrier, government or hackers.

one of Rayhunter's main design goals is to issue no false-positives, so we're really aiming to only add heuristics for very suspicious events. do you have a sense of how possible it'd be to write a silent SMS detector that can easily distinguish benign messages from suspicious ones?

@wgreenberg wgreenberg added Research Questions This will require research into hardware for diag heuristic Related to an existing or new type of CSS heuristic labels Mar 7, 2025
@MatejKovacic
Author

Actually yes, I have some ideas.

First of all, Type 0 SMSes are absolutely used for tracking, so receiving that SMS should trigger a high alert. The problem is that in Android, Type-0 SMS messages are hidden on purpose (in my repo you can read about how Google changed Android code for that). On the other hand, it seems that receiving a Type-0 message triggers a record in Android logs.

Class 0 (Flash SMS) messages are usually not problematic, because they are intended to be displayed, unless certain flags are used. We can alert the user if those flags are being used. The Silent SMS detector application is detecting these.

Class 1 is a normal SMS message, it should not trigger any alert.

Class 2 carries SIM card data and is used for sending some technical data from the mobile operator to a SIM card. Usually they are received when roaming is activated or when mobile operator is pushing some settings.

However, any SMS message could be intentionally "broken", so that it would act as a silent SMS message. Therefore my suggestion would be to record (save) everything and alert only on the most problematic ones.

Once we have enough data, we can analyze which other messages could also be problematic. For instance, if there are protests and leaders of protests are receiving weird messages (which are not yet detected as problematic), we should reconsider the methodology for classifying a message as suspicious.

Also, if a mobile phone of some journalist gets infected with Pegasus, we could also check all SMS messages received on his second phone number in this device.
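
The triage proposed in the comment above (alert on Type 0, record everything else with its message class), as an added Rust example; it is not code from this thread or from Rayhunter. The names `Verdict`, `classify` and `message_class` are hypothetical, the input is assumed to be an already-extracted SMS-DELIVER TPDU, and the sample bytes are constructed. The Class 0 flags mentioned above are not specified on this page, so Class 0 is only recorded here.

```rust
// Added example: triage an SMS-DELIVER TPDU (3GPP TS 23.040) by TP-PID and TP-DCS.
// Assumption: `tpdu` is the raw network-to-phone TPDU, already unwrapped from RP-DATA.
#[derive(Debug, PartialEq)]
pub enum Verdict {
    Alert,                  // Type 0 short message
    RecordOnly(Option<u8>), // saved for later analysis, with message class if the DCS has one
}

#[derive(Debug, PartialEq)]
pub enum ParseError { Truncated, NotSmsDeliver }

/// Message class (0..=3) per 3GPP TS 23.038, or None when the DCS encodes no class.
pub fn message_class(dcs: u8) -> Option<u8> {
    match dcs >> 4 {
        // General (00xx) and automatic-deletion (01xx) groups: bit 4 set means class present.
        0x0..=0x7 if dcs & 0x10 != 0 => Some(dcs & 0x03),
        0xF => Some(dcs & 0x03), // "data coding / message class" group
        _ => None,
    }
}

pub fn classify(tpdu: &[u8]) -> Result<Verdict, ParseError> {
    let first = *tpdu.first().ok_or(ParseError::Truncated)?;
    if first & 0x03 != 0 {
        return Err(ParseError::NotSmsDeliver); // TP-MTI 00 = SMS-DELIVER
    }
    // TP-OA: digit count, type-of-address octet, then digits packed two per octet.
    let oa_digits = *tpdu.get(1).ok_or(ParseError::Truncated)? as usize;
    let pid_idx = 3 + (oa_digits + 1) / 2;
    let pid = *tpdu.get(pid_idx).ok_or(ParseError::Truncated)?;
    let dcs = *tpdu.get(pid_idx + 1).ok_or(ParseError::Truncated)?;
    if pid == 0x40 {
        return Ok(Verdict::Alert); // TP-PID 0x40 = Short Message Type 0
    }
    Ok(Verdict::RecordOnly(message_class(dcs)))
}

// Constructed sample: sender 12345678901, TP-PID 0x40, TP-DCS 0x00, empty user data.
pub const SAMPLE_TYPE0: [u8; 19] = [
    0x04, 0x0B, 0x91, 0x21, 0x43, 0x65, 0x87, 0x09, 0xF1, // header + TP-OA
    0x40, 0x00,                                           // TP-PID, TP-DCS
    0x52, 0x30, 0x70, 0x21, 0x43, 0x65, 0x00, 0x00,       // TP-SCTS (7 octets), TP-UDL
];

fn main() {
    println!("{:?}", classify(&SAMPLE_TYPE0));
}
```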
