Major carriers in the United States, such as Verizon, T-Mobile and AT&T, have changed the way SMS messages are routed to prevent a security vulnerability that allowed hackers to redirect texts, reports Motherboard.
/article-new/2021/03/sms-message-iphone.jpg?resize=560%2C315&ssl=1)
Operators introduced the change after a Motherboard An investigation last week revealed how easy it is for hackers to redirect text messages and use the stolen information to hack into social media accounts. The site paid a hacker $ 16 to redirect texts using the tools of a company called Sakari, which helps companies with mass marketing.
Sakari offered a text redirection tool from a company called Bandwidth, provided by another company called NetNumber, resulting in a confused network of companies contributing to a vulnerability that left SMS texts open to hackers (Motherboard has more information about the process in its original article). The hacker hired by Motherboard was able to access Sakari tools without any authentication or consent from the redirect target, successfully Motherboardtest phone.
Sakari’s goal is to allow companies to import their own phone number to send bulk text messages, which means that a company can add a phone number to send and receive text messages through the Sakari platform. Hackers can abuse this tool by importing a victim’s phone number to gain access to the person’s text messages.
Aerialink, a communications company that helps route text messages, said today that wireless operators are no longer supporting SMS or MMS enabled for wireless numbers, something that “affects all SMS providers in the mobile ecosystem.” This will prevent the hack demonstrated by Motherboard last week of work.
It is unclear whether this method of text redirection was widely used by hackers, but it was easier to perform than other smartphone hacking methods, such as SIM exchange. One researcher at Security Research Labs said he had not seen it before, while another researcher said it was “absolutely” in use.