U.S. Carriers Fix SMS Routing Vulnerability That Let Hackers Hijack Texts

by

Major carriers in the U.S. like Verizon, T-Mobile, and AT&T have made a change to how SMS messages are routed to put a stop to a security vulnerability that allowed hackers to reroute texts, reports Motherboard.

sms message iphone
Carriers introduced the change after a Motherboard investigation last week revealed how easy it is for hackers to reroute text messages and use the stolen information to break into social media accounts. The site paid a hacker $16 to reroute texts using the tools of a company called Sakari, which helps businesses with mass marketing.

Sakari offered a text rerouting tool from a company called Bandwidth, which was supplied by another company called NetNumber, resulting in a confusing network of companies contributing to a vulnerability that left SMS texts open to hackers (Motherboard has more information on the process in its original article). The hacker hired by Motherboard was able to access Sakari's tools without any authentication or consent from the rerouting target, successfully getting texts from Motherboard's test phone.

Sakari is meant to allow businesses to import their own phone number for sending mass texts, which means a business is able to add a phone number to send and receive texts through the Sakari platform. Hackers could abuse this tool by importing a phone number of a victim to get access to the person's text messages.

Aerialink, a communications company that helps route text messages, said today said that wireless carriers are no longer supporting SMS or MMS text enabling on wireless numbers, something that "affects all SMS providers in the mobile ecosystem." This will prevent the hack demonstrated by Motherboard last week from working.

It is not clear if this text rerouting method was widely used by hackers, but it was easier to pull off than other smartphone hacking methods like SIM swapping. A Security Research Labs researcher said that he had not seen it before, while another researcher said it was "absolutely" in use.

Top Rated Comments

JosephAW Avatar
JosephAW
15 months ago
Now they need to stop robo calls from false local numbers. :cool:
Score: 33 Votes (Like | Disagree)
nutmac Avatar
nutmac
15 months ago
I wish I can disable SMS 2FA across the board. Many financial institutions require it.
Score: 17 Votes (Like | Disagree)
DocklandNightShift Avatar
DocklandNightShift
15 months ago
I try not to use SMS. It’s either iMessage or Signal for me. more people need to realize how utterly open and non private normal texting is
Score: 17 Votes (Like | Disagree)
zorinlynx Avatar
zorinlynx
15 months ago
This is the kind of thing where you're reading the article and asking yourself:

- Why was this possible in the first place??
- If the carriers were able to prevent this from happening, why weren't they already doing so????!!?!11

I swear, our security infrastructure is so fragile. It's only a matter of time before something really, really bad happens.
Score: 15 Votes (Like | Disagree)
TheYayAreaLiving ? Avatar
TheYayAreaLiving ?
15 months ago
Stop the ROBO/TELE-Markeing calls please.
Score: 13 Votes (Like | Disagree)
Rigby Avatar
Rigby
15 months ago

I wish I can disable SMS 2FA across the board. Many financial institutions require it.
Yep. It's a complete joke that you can't secure the most important accounts properly. I'm now using a Google Voice number for 2FA in those cases (no SIM swapping or number porting possible). But they should really offer more secure methods.
Score: 6 Votes (Like | Disagree)
Read All Comments

Related Stories

iOS 15 Messages Feature

Your iPhone May Be Sending Message Read Receipts Even If You Turned Them Off

Friday January 7, 2022 1:59 am PST by
A recurring iOS bug that makes Apple's Messages app send read receipts despite the setting being disabled appears to be on the upswing again, based on reports from users running iOS 15. In iOS, with read receipts enabled (Settings -> Messages -> Send Read Receipts), the "Delivered" text that a person sees under an iMessage they have sent you turns to "Read" when you've viewed it in the...
Read Full Article103 comments
Whatsapp Feature

WhatsApp Readies Message Reactions for iPhone and Android

Wednesday February 2, 2022 4:21 am PST by
WhatsApp's plan to bring iMessage-style message reactions to the massively popular chat platform appears to be entering its final stages, based on new screenshots shared by WABetaInfo. WhatsApp has been working on message reactions – or "Tapbacks" in Apple Messages parlance – for some time, with evidence of their development first coming to light last summer. The feature gives...
Read Full Article34 comments
tmobilelogo

T-Mobile's Latest Data Breach Linked to SIM Swap Attacks

Wednesday December 29, 2021 10:15 am PST by
Back in August, T-Mobile suffered a massive data breach impacting more than 50 million current, former, and prospective T-Mobile users, and now the cellular company is dealing with another smaller data breach incident. Reports yesterday suggested that T-Mobile was aware of unauthorized activity affecting some customer accounts, and now, T-Mobile has confirmed that those reports were due to...
Read Full Article126 comments
General Apps Messages

Google Exec Pushing RCS Adoption Says He's 'Not Asking Apple to Make iMessage Available on Android'

Monday January 10, 2022 3:24 pm PST by
Google for the last several years has been pushing a new communications protocol called Rich Communication Services, or RCS, which is designed to replace the current SMS standard. RCS offers support for higher resolution photos and videos, audio messages, bigger file size, improved encryption, and more. For the last few months, Google's senior vice president of Android, Hiroshi Lockheimer,...
Read Full Article283 comments
iPhone 13 Security

Researcher Says Apple Ignored Three Zero-Day Security Vulnerabilities Still Present in iOS 15

Friday September 24, 2021 10:42 am PDT by
In 2019, Apple opened its Security Bounty Program to the public, offering payouts up to $1 million to researchers who share critical iOS, iPadOS, macOS, tvOS, or watchOS security vulnerabilities with Apple, including the techniques used to exploit them. The program is designed to help Apple keep its software platforms as safe as possible. In the time since, reports have surfaced indicating...
Read Full Article120 comments
powerdir exploit microsoft

Microsoft Discovered New 'Powerdir' macOS Vulnerability, Fixed in 12.1 Update

Monday January 10, 2022 9:17 am PST by
Microsoft's 365 Defender Research Team this morning published details on a new "Powerdir" macOS vulnerability that let an attacker bypass the Transparency, Consent, and Control technology to gain unauthorized access to protected data. Apple already addressed the CVE-2021-30970 vulnerability in the macOS Monterey 12.1 update that was released in December, so users who have updated to the...
Read Full Article66 comments
iphone 12 sim card slot blue

iPhone 14 With eSIM Only Will Likely Be Optional Model, Says Analyst

Wednesday January 26, 2022 6:35 am PST by
Last month, a tipster informed MacRumors that Apple had advised major U.S. carriers to prepare for the launch of eSIM-only smartphones by September 2022, suggesting at least one iPhone 14 model might lack a physical nano-SIM card tray. GlobalData analyst Emma Mohr-McClune today expressed her belief that Apple will not switch to eSIM-only iPhones entirely right away, but rather offer an...
Read Full Article104 comments
iPhone SE 3 stacked

Apple Using Streamlined Purchase Process for T-Mobile and AT&T iPhone SE Buyers

Thursday March 17, 2022 2:50 pm PDT by
Apple is streamlining its iPhone purchase process with the launch of the iPhone SE, and has introduced a new buying method that allows customers to purchase T-Mobile and AT&T devices without inputting their current carrier information. As outlined by Bloomberg, customers typically need to provide their wireless phone number and social security number when making an iPhone purchase, a process ...
Read Full Article24 comments

Popular Stories

iPhone 14 Purple Lineup Feature

Will the iPhone 14 Be a Disappointment?

Saturday May 21, 2022 9:00 am PDT by
With around four months to go before Apple is expected to unveil the iPhone 14 lineup, the overwhelming majority of rumors related to the new devices so far have focused on the iPhone 14 Pro, rather than the standard iPhone 14 – leading to questions about how different the iPhone 14 will actually be from its predecessor, the iPhone 13. The iPhone 14 Pro and iPhone 14 Pro Max are expected...
Read Full Article374 comments
apple ar headset concept 1

Apple's Headset Said to Feature 14 Cameras Enabling Lifelike Avatars, Jony Ive Has Remained Involved With Design

Friday May 20, 2022 6:50 am PDT by
Earlier this week, The Information's Wayne Ma outlined struggles that Apple has faced during the development of its long-rumored AR/VR headset. Now, in a follow-up report, he has shared several additional details about the wearable device. Apple headset render created by Ian Zelbo based on The Information reporting For starters, one of the headset's marquee features is said to be lifelike...
Read Full Article157 comments
sony headphones 1

Sony's New WH-1000XM5 Headphones vs. Apple's AirPods Max

Friday May 20, 2022 12:18 pm PDT by
Sony this week came out with an updated version of its popular over-ear noise canceling headphones, so we picked up a pair to compare them to the AirPods Max to see which headphones are better and whether it's worth buying the $400 WH-1000XM5 from Sony over Apple's $549 AirPods Max. Subscribe to the MacRumors YouTube channel for more videos. First of all, the AirPods Max win out when it comes ...
Read Full Article190 comments
apple music

Apple Increases Apple Music Subscription Price for Students in Several Countries

Sunday May 22, 2022 1:57 am PDT by
Apple has silently increased the price of its Apple Music subscription for college students in several countries, with the company emailing students informing them their subscription would be slightly increasing in price moving forward. The price change is not widespread and, based on MacRumors' findings, will impact Apple Music student subscribers in but not limited to Australia, the...
Read Full Article175 comments
iPhone 13 Face ID

'High-End' iPhone 14 Front-Facing Camera to Cost Apple Three Times More

Monday May 23, 2022 7:05 am PDT by
The iPhone 14 will feature a more expensive "high-end" front-facing camera with autofocus, partly made in South Korea for the first time, ET News reports. Apple reportedly ousted a Chinese candidate to choose LG Innotek, a South Korean company, to supply the iPhone 14's front-facing camera alongside Japan's Sharp. The company is said to have originally planned to switch to LG for the iPhone...
Read Full Article101 comments