The short message service (SMS) is a service for exchanging texts via mobile networks that has been developed not only as a means of text communication between subscribers but also as a means to remotely manage Internet of Things (IoT) devices. However, the originating number of an SMS can be spoofed. If IoT devices authenticate administrators based on the originating number of an SMS, the authentication is bypassed via SMS origin spoofing. Consequently, IoT devices are at risk of accepting commands from attackers and performing unauthorized actions. Accordingly, in this study, the specifications of major cellular IoT gateways were evaluated by focusing on remote management via SMS, and the authentication bypass hypothesis was verified. The results showed that 25 of the 32 targeted products supported SMS-based remote management, and 20 implemented authentication based on the originating number of the SMS. Furthermore, by spoofing the originating number of the SMS, one product was demonstrated to be remotely exploitable through authentication bypassing. Thus, this study revealed the threats posed by SMS origin spoofing to IoT devices and proved that SMS origin spoofing not only threatens text communication between people but also puts machine communication at risk.
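The following added example (not code from the study or from any evaluated product) contrasts the originating-number check described above with a check that authenticates the message body instead. The pre-shared key, the `counter|command|tag` message format, the replay counter and all sample numbers are assumptions made for illustration.

```python
import hashlib
import hmac

# Constructed sample values; none come from the paper.
ADMIN_NUMBERS = {"+15550100"}         # allow-listed administrator number
SHARED_KEY = b"constructed-demo-key"  # assumed provisioned out of band

def weak_accept(origin: str, body: str) -> bool:
    """Weak: trusts the originating number, which the sender can set."""
    return origin in ADMIN_NUMBERS

def sign_command(key: bytes, counter: int, command: str) -> str:
    """Admin side: 'counter|command|tag', tag = HMAC-SHA256 truncated to 128 bits."""
    msg = f"{counter}|{command}".encode()
    tag = hmac.new(key, msg, hashlib.sha256).hexdigest()[:32]
    return f"{counter}|{command}|{tag}"

class Gateway:
    """Device side: authenticates the message body, not the originating number."""

    def __init__(self, key: bytes):
        self.key = key
        self.last_counter = 0  # highest counter accepted so far

    def accept(self, origin: str, body: str) -> bool:
        # origin is ignored on purpose: it carries no proof of identity.
        try:
            signed, tag = body.rsplit("|", 1)
            counter = int(signed.split("|", 1)[0])
        except ValueError:
            return False  # malformed or unsigned message
        if "|" not in signed:
            return False  # needs both a counter and a command
        expected = hmac.new(self.key, signed.encode(), hashlib.sha256).hexdigest()[:32]
        if not hmac.compare_digest(tag.encode(), expected.encode()):
            return False  # forged or tampered
        if counter <= self.last_counter:
            return False  # replay of an earlier command
        self.last_counter = counter
        return True
```
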