U.S. Carriers Fix SMS Routing Vulnerability That Let Hackers Hijack Texts

Major carriers in the U.S. like Verizon, T-Mobile, and AT&T have made a change to how SMS messages are routed to put a stop to a security vulnerability that allowed hackers to reroute texts, reports Motherboard.

sms message iphone
Carriers introduced the change after a Motherboard investigation last week revealed how easy it is for hackers to reroute text messages and use the stolen information to break into social media accounts. The site paid a hacker $16 to reroute texts using the tools of a company called Sakari, which helps businesses with mass marketing.

Sakari offered a text rerouting tool from a company called Bandwidth, which was supplied by another company called NetNumber, resulting in a confusing network of companies contributing to a vulnerability that left SMS texts open to hackers (Motherboard has more information on the process in its original article). The hacker hired by Motherboard was able to access Sakari's tools without any authentication or consent from the rerouting target, successfully getting texts from Motherboard's test phone.

Sakari is meant to allow businesses to import their own phone number for sending mass texts, which means a business is able to add a phone number to send and receive texts through the Sakari platform. Hackers could abuse this tool by importing a phone number of a victim to get access to the person's text messages.

Aerialink, a communications company that helps route text messages, said today said that wireless carriers are no longer supporting SMS or MMS text enabling on wireless numbers, something that "affects all SMS providers in the mobile ecosystem." This will prevent the hack demonstrated by Motherboard last week from working.

It is not clear if this text rerouting method was widely used by hackers, but it was easier to pull off than other smartphone hacking methods like SIM swapping. A Security Research Labs researcher said that he had not seen it before, while another researcher said it was "absolutely" in use.

Popular Stories

iOS 18 Siri Integrated Feature

Report: These 10 New AI Features Are Coming in iOS 18

Sunday May 26, 2024 12:57 pm PDT by
iOS 18 and macOS 15 will offer an array of new AI features such as auto-generated emojis, suggested replies to emails and messages, and more, Bloomberg's Mark Gurman reports. A significant portion of Apple's Worldwide Developers Conference (WWDC) is expected to focus on AI features. Writing his latest "Power On" newsletter, Gurman explained that Apple's AI strategy emphasizes providing...
new best buy blue

Best Buy's Memorial Day Sale Has Record Low Prices on iPads, MacBooks, and Much More

Friday May 24, 2024 7:12 am PDT by
Best Buy today kicked off its Memorial Day weekend sale, and it has some of the best prices we've tracked in weeks on iPads and MacBooks. Specifically, you'll find record low prices on the 5th generation iPad Air, iPad mini 6, M2 MacBook Air, and M3 MacBook Pro. Note: MacRumors is an affiliate partner with Best Buy. When you click a link and make a purchase, we may receive a small payment,...
iOS 18 WWDC 24 Feature 2

Gurman: iOS 18 Will Allow Users to Recolor App Icons and Place Them Anywhere

Sunday May 26, 2024 12:22 pm PDT by
Apple's iOS 18 update will introduce new features for further customizing the iPhone's home screen, according to Bloomberg's Mark Gurman. In the latest edition of his "Power On" newsletter, Gurman claimed that Apple will allow users to change the color of app icons in iOS 18. For example, "you can make all your social icons blue or finance-related ones green." This kind of home screen...
Apple iPhone 14 color lineup feature

Apple Now Selling Refurbished iPhone 14 Models

Friday May 24, 2024 11:15 am PDT by
Apple today added refurbished iPhone 14, iPhone 14 Plus, iPhone 14 Pro, and iPhone 14 Pro Max devices to its online store for refurbished products, offering the prior-generation iPhones at a discount for the first time since their 2022 launch. The iPhone 14 is available starting at $619, the iPhone 14 Pro is available starting at $759, and the iPhone 14 Pro Max is available starting at $849. ...
top stories 25may2024

Top Stories: iOS 17.5.1 Fixes Concerning Photos Bug, All-New iPhone 17 Model Rumored, and More

Saturday May 25, 2024 6:00 am PDT by
It's been quite a week of Apple news and rumors, ranging from a concerning bug with deleted photos reappearing on users' devices to hot rumors about a new high-end iPhone model for 2025 and a MacBook with a foldable screen coming as soon as 2026. Other news and rumors this week included fresh expectations for iOS 18 features and new headphones from Sonos to compete head-to-head with AirPods...

Top Rated Comments

JosephAW Avatar
42 months ago
Now they need to stop robo calls from false local numbers. :cool:
Score: 33 Votes (Like | Disagree)
nutmac Avatar
42 months ago
I wish I can disable SMS 2FA across the board. Many financial institutions require it.
Score: 17 Votes (Like | Disagree)
DocklandNightShift Avatar
42 months ago
I try not to use SMS. It’s either iMessage or Signal for me. more people need to realize how utterly open and non private normal texting is
Score: 17 Votes (Like | Disagree)
zorinlynx Avatar
42 months ago
This is the kind of thing where you're reading the article and asking yourself:

- Why was this possible in the first place??
- If the carriers were able to prevent this from happening, why weren't they already doing so????!!?!11

I swear, our security infrastructure is so fragile. It's only a matter of time before something really, really bad happens.
Score: 15 Votes (Like | Disagree)
TheYayAreaLiving ?️ Avatar
42 months ago
Stop the ROBO/TELE-Markeing calls please.
Score: 13 Votes (Like | Disagree)
Rigby Avatar
42 months ago

I wish I can disable SMS 2FA across the board. Many financial institutions require it.
Yep. It's a complete joke that you can't secure the most important accounts properly. I'm now using a Google Voice number for 2FA in those cases (no SIM swapping or number porting possible). But they should really offer more secure methods.
Score: 6 Votes (Like | Disagree)