Major US carriers such as Verizon, T-Mobile and AT&T have changed the way text messages are routed to end a security vulnerability that allowed hackers to redirect texts, reports Motherboard
/article-new/2021/03/sms-message-iphone.jpg?resize=560%2C315&ssl=1)
Carriers have implemented the change after a Motherboard Last week’s research revealed how easy it is for hackers to redirect text messages and use the stolen information to break into social media accounts. The site paid a hacker $ 16 to redirect texts using the tools of a company called Sakari, which helps companies with mass marketing.
Sakari offered a text redirection tool from a company called Bandwidth, which was provided by another company called NetNumber, which resulted in a confusing network of companies contributing to a vulnerability that opened SMS texts to hackers (Motherboard has more information about the process in the original article). The hacker hired by Motherboard was able to access Sakari’s tools without any authentication or permission from the redirect target, and successfully got texts from Motherboard‘s test phone.
Sakari aims to enable businesses to import their own phone number for sending bulk text messages, which means that a business can add a phone number to send and receive text messages through the Sakari platform. Hackers can exploit this tool by importing a victim’s phone number to access the person’s text messages.
Aerialink, a communications company that helps route text messages, said today that wireless carriers no longer support SMS or MMS text enabling wireless dialing, something that “affects all SMS providers in the mobile ecosystem.” This prevents the hack from being demonstrated by Motherboard last week of work.
It’s not clear if this text redirect method was widely used by hackers, but it was easier to perform than other smartphone hacking methods like SIM swapping. A Security Research Labs researcher said he hadn’t seen it before, while another researcher said it was “absolutely” in use.