US Operators Fix SMS Routing Vulnerability That Allows Hackers To Hijack Text

Major US carriers such as Verizon, T-Mobile and AT&T have changed the way SMS messages are routed to close a security vulnerability that allowed hackers to redirect text messages, Motherboard reports.

Carriers introduced the change after a Motherboard investigation last week revealed how easy it is for hackers to redirect text messages and use stolen information to access social media accounts. The site paid a hacker $16 to redirect text messages using the tools of a company called Sakari, which helps companies with mass marketing.

Sakari offered a text redirection tool from a company called Bandwidth, which was supplied by another company called NetNumber, resulting in a confusing network of companies contributing to a vulnerability that left text messages open to hackers (Motherboard has more information on the process in its original article). The hacker hired by Motherboard was able to access Sakari tools without any authentication or consent from the redirect target, successfully obtaining text messages from Motherboard's test phone.

Sakari is intended to allow companies to import their own phone number to send bulk text messages, which means that a company can add a phone number to send and receive text messages through the Sakari platform. Hackers could abuse this tool by importing a victim’s phone number to gain access to the person’s text messages.

Aerialink, a communications company that helps route text messages, said today that wireless operators no longer support enabling SMS or MMS messages on wireless numbers, something that “affects all SMS providers in the mobile ecosystem.” This will prevent the hack demonstrated by Motherboard last week from working.

It is unclear if this text redirection method was widely used by hackers, but it was easier to achieve than other smartphone hacking methods like SIM swapping. A Security Research Labs researcher said they hadn’t seen it before, while another researcher said it was “absolutely” in use.

