Major U.S. carriers such as Verizon, T-Mobile and AT&T have changed the way SMS is routed to end a security vulnerability that has allowed hackers to redirect text, reports Motherboard.
/article-new/2021/03/sms-message-iphone.jpg?resize=560%2C315&ssl=1)
Carriers introduced the change after a Motherboard Last week’s investigation revealed how easy it is for hackers to redirect text messages and use stolen information to enter social accounts. The site paid a hacker $ 16 to redirect texts using the tools of a company called Sakari, which helps mass marketing companies.
Sakari provided a text redirection tool from a company called Bandwidth, which was provided by another company called NetNumber, resulting in a confusing network of companies contributing to a vulnerability that left SMS texts open to hackers (Motherboard has more information about the process in his original article). The hacker hired by Motherboard was able to access Sakari’s tools without any authentication or consent from the redirect target, successfully retrieving texts from Motherboardtest phone.
Sakari is meant to allow companies to import their own phone number for bulk texting, which means that a company can add a phone number to send and receive text through the Sakari platform. Hackers could abuse this tool by importing a victim’s phone number to gain access to that person’s text messages.
Aerialink, a communications company that helps route text messages, said today that wireless service providers no longer support enabling SMS or MMS on wireless numbers, which “affects all SMS providers in the mobile ecosystem.” This will prevent the hack demonstrated by Motherboard last week from work.
It is unclear whether this method of text redirection has been widely used by hackers, but it has been easier to extract than other smartphone hacking methods, such as SIM sharing. A Security Research Labs researcher said he had never seen it before, while another researcher said it was “absolutely” used.