U.S. Carriers Fix SMS Routing Vulnerability That Let Hackers Hijack Texts

by

Major carriers in the U.S. like Verizon, T-Mobile, and AT&T have made a change to how SMS messages are routed to put a stop to a security vulnerability that allowed hackers to reroute texts, reports Motherboard.

sms message iphone
Carriers introduced the change after a Motherboard investigation last week revealed how easy it is for hackers to reroute text messages and use the stolen information to break into social media accounts. The site paid a hacker $16 to reroute texts using the tools of a company called Sakari, which helps businesses with mass marketing.

Sakari offered a text rerouting tool from a company called Bandwidth, which was supplied by another company called NetNumber, resulting in a confusing network of companies contributing to a vulnerability that left SMS texts open to hackers (Motherboard has more information on the process in its original article). The hacker hired by Motherboard was able to access Sakari's tools without any authentication or consent from the rerouting target, successfully getting texts from Motherboard's test phone.

Sakari is meant to allow businesses to import their own phone number for sending mass texts, which means a business is able to add a phone number to send and receive texts through the Sakari platform. Hackers could abuse this tool by importing a phone number of a victim to get access to the person's text messages.

Aerialink, a communications company that helps route text messages, said today said that wireless carriers are no longer supporting SMS or MMS text enabling on wireless numbers, something that "affects all SMS providers in the mobile ecosystem." This will prevent the hack demonstrated by Motherboard last week from working.

It is not clear if this text rerouting method was widely used by hackers, but it was easier to pull off than other smartphone hacking methods like SIM swapping. A Security Research Labs researcher said that he had not seen it before, while another researcher said it was "absolutely" in use.

Top Rated Comments

JosephAW Avatar
JosephAW
19 months ago
Now they need to stop robo calls from false local numbers. :cool:
Score: 33 Votes (Like | Disagree)
nutmac Avatar
nutmac
19 months ago
I wish I can disable SMS 2FA across the board. Many financial institutions require it.
Score: 17 Votes (Like | Disagree)
DocklandNightShift Avatar
DocklandNightShift
19 months ago
I try not to use SMS. It’s either iMessage or Signal for me. more people need to realize how utterly open and non private normal texting is
Score: 17 Votes (Like | Disagree)
zorinlynx Avatar
zorinlynx
19 months ago
This is the kind of thing where you're reading the article and asking yourself:

- Why was this possible in the first place??
- If the carriers were able to prevent this from happening, why weren't they already doing so????!!?!11

I swear, our security infrastructure is so fragile. It's only a matter of time before something really, really bad happens.
Score: 15 Votes (Like | Disagree)
TheYayAreaLiving ? Avatar
TheYayAreaLiving ?
19 months ago
Stop the ROBO/TELE-Markeing calls please.
Score: 13 Votes (Like | Disagree)
Rigby Avatar
Rigby
19 months ago

I wish I can disable SMS 2FA across the board. Many financial institutions require it.
Yep. It's a complete joke that you can't secure the most important accounts properly. I'm now using a Google Voice number for 2FA in those cases (no SIM swapping or number porting possible). But they should really offer more secure methods.
Score: 6 Votes (Like | Disagree)
Read All Comments

Related Stories

iOS 15 Messages Feature

Your iPhone May Be Sending Message Read Receipts Even If You Turned Them Off

Friday January 7, 2022 1:59 am PST by
A recurring iOS bug that makes Apple's Messages app send read receipts despite the setting being disabled appears to be on the upswing again, based on reports from users running iOS 15. In iOS, with read receipts enabled (Settings -> Messages -> Send Read Receipts), the "Delivered" text that a person sees under an iMessage they have sent you turns to "Read" when you've viewed it in the...
Read Full Article103 comments
Whatsapp Feature

WhatsApp Readies Message Reactions for iPhone and Android

Wednesday February 2, 2022 4:21 am PST by
WhatsApp's plan to bring iMessage-style message reactions to the massively popular chat platform appears to be entering its final stages, based on new screenshots shared by WABetaInfo. WhatsApp has been working on message reactions – or "Tapbacks" in Apple Messages parlance – for some time, with evidence of their development first coming to light last summer. The feature gives...
Read Full Article36 comments
tmobilelogo

T-Mobile's Latest Data Breach Linked to SIM Swap Attacks

Wednesday December 29, 2021 10:15 am PST by
Back in August, T-Mobile suffered a massive data breach impacting more than 50 million current, former, and prospective T-Mobile users, and now the cellular company is dealing with another smaller data breach incident. Reports yesterday suggested that T-Mobile was aware of unauthorized activity affecting some customer accounts, and now, T-Mobile has confirmed that those reports were due to...
Read Full Article126 comments
General Apps Messages

Google Exec Pushing RCS Adoption Says He's 'Not Asking Apple to Make iMessage Available on Android'

Monday January 10, 2022 3:24 pm PST by
Google for the last several years has been pushing a new communications protocol called Rich Communication Services, or RCS, which is designed to replace the current SMS standard. RCS offers support for higher resolution photos and videos, audio messages, bigger file size, improved encryption, and more. For the last few months, Google's senior vice president of Android, Hiroshi Lockheimer,...
Read Full Article287 comments
iPhone 13 Security

Researcher Says Apple Ignored Three Zero-Day Security Vulnerabilities Still Present in iOS 15

Friday September 24, 2021 10:42 am PDT by
In 2019, Apple opened its Security Bounty Program to the public, offering payouts up to $1 million to researchers who share critical iOS, iPadOS, macOS, tvOS, or watchOS security vulnerabilities with Apple, including the techniques used to exploit them. The program is designed to help Apple keep its software platforms as safe as possible. In the time since, reports have surfaced indicating...
Read Full Article120 comments
powerdir exploit microsoft

Microsoft Discovered New 'Powerdir' macOS Vulnerability, Fixed in 12.1 Update

Monday January 10, 2022 9:17 am PST by
Microsoft's 365 Defender Research Team this morning published details on a new "Powerdir" macOS vulnerability that let an attacker bypass the Transparency, Consent, and Control technology to gain unauthorized access to protected data. Apple already addressed the CVE-2021-30970 vulnerability in the macOS Monterey 12.1 update that was released in December, so users who have updated to the...
Read Full Article66 comments
iphone 12 sim card slot blue

iPhone 14 With eSIM Only Will Likely Be Optional Model, Says Analyst

Wednesday January 26, 2022 6:35 am PST by
Last month, a tipster informed MacRumors that Apple had advised major U.S. carriers to prepare for the launch of eSIM-only smartphones by September 2022, suggesting at least one iPhone 14 model might lack a physical nano-SIM card tray. GlobalData analyst Emma Mohr-McClune today expressed her belief that Apple will not switch to eSIM-only iPhones entirely right away, but rather offer an...
Read Full Article104 comments
iPhone SE 3 stacked

Apple Using Streamlined Purchase Process for T-Mobile and AT&T iPhone SE Buyers

Thursday March 17, 2022 2:50 pm PDT by
Apple is streamlining its iPhone purchase process with the launch of the iPhone SE, and has introduced a new buying method that allows customers to purchase T-Mobile and AT&T devices without inputting their current carrier information. As outlined by Bloomberg, customers typically need to provide their wireless phone number and social security number when making an iPhone purchase, a process ...
Read Full Article24 comments

Popular Stories

iphone 14 iphone 14 plus in hand

Kuo: iPhone 14 Plus Pre-Orders Worse Than iPhone 13 Mini, Product Strategy 'Fails'

Monday September 12, 2022 4:27 am PDT by
The iPhone 14 and iPhone 14 Plus have seen "bad" pre-order results, indicating that Apple's positioning of the two new standard models may have failed, according to Apple analyst Ming-Chi Kuo. In his -14-first-weekend-online-pre-order-survey-110411040b5d">latest post on Medium, Kuo explained that the iPhone 14 Pro and iPhone 14 Pro Max have seen "neutral" and "good" pre-order results...
Read Full Article672 comments
ios 16 beta battery percentage icon

Apple Confirms iOS 16 Battery Percentage Display Not Available on Certain iPhone Models

Tuesday September 13, 2022 1:00 am PDT by
Following iOS 16's public release, Apple has confirmed that users of older generation iPhone models will miss out on the ability to show their iPhone's battery percentage directly in the status bar. In an updated support document, Apple says that the new battery percentage display is not available on the iPhone XR, iPhone 11, the iPhone 12 mini, and the iPhone 13 mini. Apple provides no...
Read Full Article128 comments
ios 16 lockscreens

iOS 16 Launches Tomorrow: Six New Features Worth Checking Out

Sunday September 11, 2022 7:53 am PDT by
Apple is set to release iOS 16 this Monday, September 12, as a free update for the iPhone 8 and newer. iOS 16 includes plenty of new features, ranging from a customizable Lock Screen to the ability to temporarily edit or unsend iMessages. To install iOS 16 when the update is released, open the Settings app on your iPhone and tap General → Software Update. After you update your iPhone to...
Read Full Article157 comments
iOS 16 hidden features

16 Hidden iOS 16 Features You Didn't Know About

Tuesday September 13, 2022 11:55 am PDT by
Apple this week released iOS 16, the latest version of iOS with a new customizable Lock Screen, major new additions to Messages, and enhancements to Mail, Maps, and more. Other than the headlining features, there are a number of quality-of-life changes, improvements, and new capabilities baked into iOS 16 that help improve the iPhone experience. We've listed 16 hidden features and changes...
Read Full Article136 comments
iphone 14 lineup

iPhone 14 Battery Capacities For All Four Models Revealed Ahead of Launch

Sunday September 11, 2022 3:58 pm PDT by
Apple does not advertise battery capacities for its new iPhone 14 lineup, but MacRumors has obtained this information from a Chinese regulatory database. Three out of four iPhone 14 models feature larger battery capacities compared to the iPhone 13 lineup, with the exception being the iPhone 14 Pro Max, which is equipped with a slightly smaller battery compared to the iPhone 13 Pro Max....
Read Full Article116 comments