U.S. Carriers Fix SMS Routing Vulnerability That Let Hackers Hijack Texts

Major carriers in the U.S. like Verizon, T-Mobile, and AT&T have made a change to how SMS messages are routed to put a stop to a security vulnerability that allowed hackers to reroute texts, reports Motherboard.

sms message iphone
Carriers introduced the change after a Motherboard investigation last week revealed how easy it is for hackers to reroute text messages and use the stolen information to break into social media accounts. The site paid a hacker $16 to reroute texts using the tools of a company called Sakari, which helps businesses with mass marketing.

Sakari offered a text rerouting tool from a company called Bandwidth, which was supplied by another company called NetNumber, resulting in a confusing network of companies contributing to a vulnerability that left SMS texts open to hackers (Motherboard has more information on the process in its original article). The hacker hired by Motherboard was able to access Sakari's tools without any authentication or consent from the rerouting target, successfully getting texts from Motherboard's test phone.

Sakari is meant to allow businesses to import their own phone number for sending mass texts, which means a business is able to add a phone number to send and receive texts through the Sakari platform. Hackers could abuse this tool by importing a phone number of a victim to get access to the person's text messages.

Aerialink, a communications company that helps route text messages, said today said that wireless carriers are no longer supporting SMS or MMS text enabling on wireless numbers, something that "affects all SMS providers in the mobile ecosystem." This will prevent the hack demonstrated by Motherboard last week from working.

It is not clear if this text rerouting method was widely used by hackers, but it was easier to pull off than other smartphone hacking methods like SIM swapping. A Security Research Labs researcher said that he had not seen it before, while another researcher said it was "absolutely" in use.

Top Rated Comments

JosephAW Avatar
8 months ago
Now they need to stop robo calls from false local numbers. :cool:
Score: 33 Votes (Like | Disagree)
nutmac Avatar
8 months ago
I wish I can disable SMS 2FA across the board. Many financial institutions require it.
Score: 17 Votes (Like | Disagree)
DocklandNightShift Avatar
8 months ago
I try not to use SMS. It’s either iMessage or Signal for me. more people need to realize how utterly open and non private normal texting is
Score: 17 Votes (Like | Disagree)
zorinlynx Avatar
8 months ago
This is the kind of thing where you're reading the article and asking yourself:

- Why was this possible in the first place??
- If the carriers were able to prevent this from happening, why weren't they already doing so????!!?!11

I swear, our security infrastructure is so fragile. It's only a matter of time before something really, really bad happens.
Score: 15 Votes (Like | Disagree)
TheYayAreaLiving Avatar
8 months ago
Stop the ROBO/TELE-Markeing calls please.
Score: 13 Votes (Like | Disagree)
Rigby Avatar
8 months ago

I wish I can disable SMS 2FA across the board. Many financial institutions require it.
Yep. It's a complete joke that you can't secure the most important accounts properly. I'm now using a Google Voice number for 2FA in those cases (no SIM swapping or number porting possible). But they should really offer more secure methods.
Score: 6 Votes (Like | Disagree)

Related Stories

project x feature blue

Former Apple Employee Responds to Lawsuit Accusing Him of Leaking Trade Secrets to Media

Tuesday May 4, 2021 9:14 am PDT by
Last month, Apple filed a lawsuit against Simon Lancaster, a former employee who allegedly used his senior position within the company to steal "sensitive trade secret information" that he then provided to a reporter. Lancaster responded to the complaint this week in California court. In his formal answer, obtained by MacRumors, Lancaster denied that he abused his position and trust within...
f1623085603

Apple Announces iOS 15: First Look at New Features

Monday June 7, 2021 10:07 am PDT by
Apple today previewed iOS 15, the company's next major update for the iPhone, featuring new video calling capabilities, improvements to Messages, user statuses, a smart notification summary, and more. FaceTime In iOS 15, FaceTime features a new grid view and portrait mode support for video. For audio, FaceTime calls now offer Spatial Audio so that voices sound as if they are coming from...
apple findmy network feature

Find My Network Exploited to Send Messages

Wednesday May 12, 2021 8:11 am PDT by
An exploit allows messages and additional data to be sent across Apple's Find My network, according to the findings of a security researcher. Security researcher Fabian Bräunlein has found a way to leverage Apple's Find My network to function as a generic data transfer mechanism, allowing non-internet-connected devices to upload arbitrary data by using nearby Apple devices to upload the...
Apple iPadPro iPadOS15 springboard widgets 060721 big

Apple Introduces iPadOS 15: First Look at New Features

Monday June 7, 2021 10:59 am PDT by
Apple today unveiled iPadOS 15, its next-generation operating system for iPad that introduces a slew of new features like widgets on the Home Screen, an iPhone-style App Library, new multi-tasking features, and more. Here's a rundown of what to expect. Widgets Like iOS 14, iPadOS 15 lets users place widgets anywhere on their Home Screen pages and among their apps. Widgets are also...
wwdc 2021 live coverage

WWDC 2021 Apple Event Live Keynote Coverage: iOS 15, macOS 12, and More

Monday June 7, 2021 9:02 am PDT by
Apple's all-online Worldwide Developers Conference (WWDC) starts today with the traditional keynote kicking things off at 10:00 a.m. Pacific Time. We're expecting to see a number of announcements, including iOS 15, macOS 12, watchOS 8, and tvOS 15, but it's unclear what else we'll be seeing at the event. While there had been some claims of redesigned MacBook Pro models making an appearance...
iWork Trio Feature

Apple Updates iWork for iOS and macOS With New Linking Features and More

Tuesday June 1, 2021 9:20 am PDT by
Apple today updated its suite of iWork apps, including Pages, Keynotes, and Numbers for iOS and macOS, with new features related to Schoolwork and the ability to link web pages, email addresses, and phone numbers to different shapes and objects. For Pages and Numbers on iOS and macOS, the updates include the ability for users to link different elements, such as a link to a web page, an email ...
facebook transfer

Facebook Now Lets Users Export Text Posts and Notes

Tuesday April 20, 2021 1:09 am PDT by
Facebook has introduced a tool that lets users export notes and text-based posts to third-party services, making it easier than ever to leave the social network without saying goodbye to your content. The new "data portability types" mean people can now directly transfer their notes and posts to Google Docs, Blogger and WordPress. The updates are extensions to Facebook's existing tool that...
ipad pro carrier subsidies

Carriers Offering Discounts Up to $200 to Subsidize Higher Cost of 5G iPad Pro Models

Tuesday April 20, 2021 3:08 pm PDT by
The major wireless carriers in the United States are teaming up with Apple to subsidize the cost of the new 5G iPad Pro, which debuted today. Choosing cellular over WiFi carries a $200 premium, which is more expensive than the $130 upgrade price that Apple normally charges for a cellular model. As noted by Bloomberg, carriers are hoping to encourage customers to purchase the new 5G tablets...
Best Buy Chat Feature

Best Buy Gains Apple Business Chat Support

Monday April 19, 2021 6:49 am PDT by
Customers can now message Best Buy to get questions answered, store timings, resolve issues, and more using iMessage through Apple's Business Chat feature, as first reported by Apple blog Appleosophy. Using iMessage Business Chat, Best Buy customers can now initiate a conversation with the retail chain by either navigating to a Best Buy location on Apple Maps and tapping the "Message" button ...
apple security banner

macOS 11.3 Patches Security Vulnerability That Bypassed Built-In Malware Protections

Monday April 26, 2021 11:03 am PDT by
Apple today confirmed to TechCrunch that the just-released macOS 11.3 software update patches a security vulnerability that reportedly could have allowed a hacker to remotely access a user's sensitive data by tricking a user into opening a spoofed document. "All the user would need to do is double click — and no macOS prompts or warnings are generated," said security researcher Cedric...