Major US carriers such as Verizon, T-Mobile and AT&T have made a change in how SMS messages are routed to stop a security issue that allowed hackers to redirect texts, reports Motherboard.
Carriers introduced the change after one Motherboard last week’s investigation revealed how easy it is for hackers to redirect text messages and use stolen information to break into social media accounts. The site paid a hacker $ 16 to redirect texts using the tools of a company called Sakari, which helps companies with mass marketing.
Sakari offered a tool for redirecting text from a company called Bandwidth, which was provided by another company called NetNumber, resulting in a confusing network of companies that contributed to a vulnerability that left SMS texts open to hackers (Motherboard has more information about the process in its original article). Hacker employed by Motherboard was able to access Sakari’s tools without approval or consent from the redirect target, and successfully received text from Motherboardtest phone.
Sakari is intended to allow companies to import their own mass text submission number, which means that a company is able to add a phone number to send and receive texts through the Sakari platform. Hackers can abuse this tool by importing a phone number of a victim to access the person’s text messages.
Aerialink, a communications company that helps route text messages, said today that wireless operators no longer support SMS or MMS text that enables wireless numbers, which “affects all SMS providers in the mobile ecosystem.” This will prevent the hack demonstrated by Motherboard last week from work.
It is not clear if this text conversion method was widely used by hackers, but it was easier to pull off than other hacking methods for smartphones such as SIM switching. A researcher at Security Research Labs said he had not seen it before, while another researcher said it was “absolutely” in use.