AWS sms-voice high security documentation change
Summary
Added Monitor and Filter country rule modes with AIT protection details, including pricing, model limitations, and recommendations for additional safeguards
Security assessment
The changes explicitly address protection against Artificially Inflated Traffic (AIT) attacks by introducing new security controls (Monitor/Filter modes) and warning about model limitations. This directly relates to mitigating security risks of SMS verification system exploitation and fraudulent message traffic.
Diff
diff --git a/sms-voice/latest/userguide/filter-and-monitor-messages.md b/sms-voice/latest/userguide/filter-and-monitor-messages.md index c426379a0..0ec9357d0 100644 --- a//sms-voice/latest/userguide/filter-and-monitor-messages.md +++ b//sms-voice/latest/userguide/filter-and-monitor-messages.md @@ -9,3 +9 @@ What are the country rule modesSet a country mode -Artificially inflated traffic (AIT) are techniques attackers use to exploit SMS verification systems to generate fake one time passwords or application download links. The SMS message are then routed to compromised phone numbers inflating your message traffic. - -Use the different country rule modes to allow or block messages you send on a per country basis. +Artificially inflated traffic (AIT) occurs when bots or bad actors target web or mobile applications that trigger SMS message sends. This results in unwanted and unaccepted SMS message charges. To help lessen the impact of an SMS AIT attack on your web or mobile application, set country rules to either block (prevent all messages to a country), or filter (to use the End User Messaging AIT detection model to filter suspected AIT message requests). @@ -20,0 +19,13 @@ Allow | Allow sending message to the destination country. +Monitor | Allow sending messages to the destination country, but include the SMS protect blocking recommendation in metrics and events. +Filter | Allow sending messages to the destination country, but block messages that the End User Messaging suspects as AIT. + +###### Important + + * Messages using “monitor” or “filter” mode incur additional charges for AIT risk evaluation. See [pricing for details](https://aws.amazon.com/end-user-messaging/pricing/). + + * Protect’s filter and monitor modes use statistical models that generate AIT risk predictions based on patterns in data. We are always working to improve these models, but, as with any such models, the accuracy of their predictions is not guaranteed (e.g., there is a chance that legitimate SMS messages may be flagged as an AIT risk). + + * Filter and monitor modes are designed to help you mitigate the impacts of AIT, but do not guarantee complete protection from AIT. We recommend using additional safeguards on your web and mobile applications for well- rounded AIT protection. + + + @@ -24 +35 @@ Allow | Allow sending message to the destination country. -Each protect configuration can apply a country rule mode to each country or geographic region. The country rule mode can be to **Block** or **Allow** messages to that country. Use phone number overrides to create allow and deny exceptions for specific phone numbers. +Each protect configuration can apply a country rule mode to each country or geographic region. The country rule mode can be to _Allow_ , _Block_ , _Monitor_ , or _Filter_ messages to that country. Use phone number overrides to create allow and deny exceptions for specific phone numbers. @@ -36 +47 @@ To edit a protect configuration country rules using the AWS End User Messaging S - 5. In the **SMS/Voice country rules** tab check the countries to change the rules for and then choose **Block** or **Allow**. You can sort and filter the country list based on **Country** , **Region** and **Rule**. + 5. In the **SMS/Voice country rules** tab check the countries to change the rules for and then choose **Allow** , **Block** , **Monitor** , or **Filter**. You can sort and filter the country list based on **Country** , **Region** and **Rule**.