A bug with O2 text messaging

I’ve recently seen a bug with text messaging that could cause trouble for someone or even be used for fraudulent purposes.

A colleague (on Orange) sent a picture message to myself (on Vodafone) and another colleague (on O2). He sent it as one message with two recipients rather than two separate messages. Nothing wrong there.

In later conversation, the first colleague mentioned what I had said in reply to his picture. What reply? I asked. He then showed me a message on his Nokia 6310 that clearly appeared to have come from my number. I had not sent this message and I could prove it by showing him my itemised bill on the Vodafone website. Looking at the style of the message it looked like it had come from the second recipient which it turned out was the case.

Despite having a Nokia smartphone, this second recipient on O2 has a corporate restriction on receiving picture messages directly on the phone and instead receives a message telling him to visit the O2 website to view the picture. When he did this he sent a reply via this O2 website. Because I had been the first recipient on the original message, the O2 website falsely inserted my number as the sender.

Fortunately, our relationship is good enough to realise who had really sent the message but depending on the content of the message this could easily have caused an argument or bad feeling. This could also be used for fraudulent purposes?

How is it possible for O2 to spoof the sender details?

Leave a comment

Please note: Use of a non-personal web site or blog in the field below and/or comments that are off-topic or personal attacks will likely be removed at my discretion.

Your comment