U.S. Carriers Fix SMS Routing Vulnerability That Let Hackers Hijack Texts

Major carriers in the U.S. like Verizon, T-Mobile, and AT&T have made a change to how SMS messages are routed to put a stop to a security vulnerability that allowed hackers to reroute texts, reports Motherboard.

sms message iphone
Carriers introduced the change after a Motherboard investigation last week revealed how easy it is for hackers to reroute text messages and use the stolen information to break into social media accounts. The site paid a hacker $16 to reroute texts using the tools of a company called Sakari, which helps businesses with mass marketing.

Sakari offered a text rerouting tool from a company called Bandwidth, which was supplied by another company called NetNumber, resulting in a confusing network of companies contributing to a vulnerability that left SMS texts open to hackers (Motherboard has more information on the process in its original article). The hacker hired by Motherboard was able to access Sakari's tools without any authentication or consent from the rerouting target, successfully getting texts from Motherboard's test phone.

Sakari is meant to allow businesses to import their own phone number for sending mass texts, which means a business is able to add a phone number to send and receive texts through the Sakari platform. Hackers could abuse this tool by importing a phone number of a victim to get access to the person's text messages.

Aerialink, a communications company that helps route text messages, said today said that wireless carriers are no longer supporting SMS or MMS text enabling on wireless numbers, something that "affects all SMS providers in the mobile ecosystem." This will prevent the hack demonstrated by Motherboard last week from working.

It is not clear if this text rerouting method was widely used by hackers, but it was easier to pull off than other smartphone hacking methods like SIM swapping. A Security Research Labs researcher said that he had not seen it before, while another researcher said it was "absolutely" in use.

Top Rated Comments

JosephAW Avatar
22 months ago
Now they need to stop robo calls from false local numbers. :cool:
Score: 33 Votes (Like | Disagree)
nutmac Avatar
22 months ago
I wish I can disable SMS 2FA across the board. Many financial institutions require it.
Score: 17 Votes (Like | Disagree)
DocklandNightShift Avatar
22 months ago
I try not to use SMS. It’s either iMessage or Signal for me. more people need to realize how utterly open and non private normal texting is
Score: 17 Votes (Like | Disagree)
zorinlynx Avatar
22 months ago
This is the kind of thing where you're reading the article and asking yourself:

- Why was this possible in the first place??
- If the carriers were able to prevent this from happening, why weren't they already doing so????!!?!11

I swear, our security infrastructure is so fragile. It's only a matter of time before something really, really bad happens.
Score: 15 Votes (Like | Disagree)
TheYayAreaLiving ? Avatar
22 months ago
Stop the ROBO/TELE-Markeing calls please.
Score: 13 Votes (Like | Disagree)
Rigby Avatar
22 months ago

I wish I can disable SMS 2FA across the board. Many financial institutions require it.
Yep. It's a complete joke that you can't secure the most important accounts properly. I'm now using a Google Voice number for 2FA in those cases (no SIM swapping or number porting possible). But they should really offer more secure methods.
Score: 6 Votes (Like | Disagree)

Related Stories

iOS 15 Messages Feature

Your iPhone May Be Sending Message Read Receipts Even If You Turned Them Off

Friday January 7, 2022 1:59 am PST by
A recurring iOS bug that makes Apple's Messages app send read receipts despite the setting being disabled appears to be on the upswing again, based on reports from users running iOS 15. In iOS, with read receipts enabled (Settings -> Messages -> Send Read Receipts), the "Delivered" text that a person sees under an iMessage they have sent you turns to "Read" when you've viewed it in the...
Whatsapp Feature

WhatsApp Readies Message Reactions for iPhone and Android

Wednesday February 2, 2022 4:21 am PST by
WhatsApp's plan to bring iMessage-style message reactions to the massively popular chat platform appears to be entering its final stages, based on new screenshots shared by WABetaInfo. WhatsApp has been working on message reactions – or "Tapbacks" in Apple Messages parlance – for some time, with evidence of their development first coming to light last summer. The feature gives...
tmobilelogo

T-Mobile's Latest Data Breach Linked to SIM Swap Attacks

Wednesday December 29, 2021 10:15 am PST by
Back in August, T-Mobile suffered a massive data breach impacting more than 50 million current, former, and prospective T-Mobile users, and now the cellular company is dealing with another smaller data breach incident. Reports yesterday suggested that T-Mobile was aware of unauthorized activity affecting some customer accounts, and now, T-Mobile has confirmed that those reports were due to...
General Apps Messages

Google Exec Pushing RCS Adoption Says He's 'Not Asking Apple to Make iMessage Available on Android'

Monday January 10, 2022 3:24 pm PST by
Google for the last several years has been pushing a new communications protocol called Rich Communication Services, or RCS, which is designed to replace the current SMS standard. RCS offers support for higher resolution photos and videos, audio messages, bigger file size, improved encryption, and more. For the last few months, Google's senior vice president of Android, Hiroshi Lockheimer,...
iPhone 13 Security

Researcher Says Apple Ignored Three Zero-Day Security Vulnerabilities Still Present in iOS 15

Friday September 24, 2021 10:42 am PDT by
In 2019, Apple opened its Security Bounty Program to the public, offering payouts up to $1 million to researchers who share critical iOS, iPadOS, macOS, tvOS, or watchOS security vulnerabilities with Apple, including the techniques used to exploit them. The program is designed to help Apple keep its software platforms as safe as possible. In the time since, reports have surfaced indicating...
powerdir exploit microsoft

Microsoft Discovered New 'Powerdir' macOS Vulnerability, Fixed in 12.1 Update

Monday January 10, 2022 9:17 am PST by
Microsoft's 365 Defender Research Team this morning published details on a new "Powerdir" macOS vulnerability that let an attacker bypass the Transparency, Consent, and Control technology to gain unauthorized access to protected data. Apple already addressed the CVE-2021-30970 vulnerability in the macOS Monterey 12.1 update that was released in December, so users who have updated to the...
iphone 12 sim card slot blue

iPhone 14 With eSIM Only Will Likely Be Optional Model, Says Analyst

Wednesday January 26, 2022 6:35 am PST by
Last month, a tipster informed MacRumors that Apple had advised major U.S. carriers to prepare for the launch of eSIM-only smartphones by September 2022, suggesting at least one iPhone 14 model might lack a physical nano-SIM card tray. GlobalData analyst Emma Mohr-McClune today expressed her belief that Apple will not switch to eSIM-only iPhones entirely right away, but rather offer an...
iPhone SE 3 stacked

Apple Using Streamlined Purchase Process for T-Mobile and AT&T iPhone SE Buyers

Thursday March 17, 2022 2:50 pm PDT by
Apple is streamlining its iPhone purchase process with the launch of the iPhone SE, and has introduced a new buying method that allows customers to purchase T-Mobile and AT&T devices without inputting their current carrier information. As outlined by Bloomberg, customers typically need to provide their wireless phone number and social security number when making an iPhone purchase, a process ...

Popular Stories

General Black Friday Deals 2022 Green

All the Apple Black Friday Deals You Can Still Get

Friday November 25, 2022 4:40 am PST by
Although Black Friday is now technically over, many Apple products are still seeing major discounts through the weekend as we head into Cyber Monday. In this article, you'll find every Apple device with a notable Black Friday sale that's still available. We'll be updating as prices change and new deals arrive, so be sure to keep an eye out if you don't see the sale you're looking for yet. Note:...
iphone 14 pro hands snowflakes 1

Best Cyber Monday iPhone Deals Available Today

Wednesday November 23, 2022 1:55 pm PST by
Cellular carriers have always offered big savings on the newest iPhone models during the holidays, and Cyber Monday is no different. We're tracking notable offers on the iPhone 14 and iPhone 14 Pro devices from AT&T, Verizon, and T-Mobile. For even more savings, keep an eye on older models like the iPhone 13. Note: MacRumors is an affiliate partner with some of these vendors. When you click a...
maxresdefault

Nothing Phone 1 Displays AirPods Battery Level After Latest OS Update

Friday November 25, 2022 3:33 am PST by
Nothing Phone 1 users today began receiving the Nothing OS 1.1.7 update, which adds support for displaying the battery percentage of connected AirPods, amongst other improvements and bug fixes. If you own a Nothing Phone 1, you can check for the OTA update by going to Settings -> System -> System updates. Bear in mind that as support for displaying AirPods battery level is still an...
ipad holiday bulbs

Best Cyber Monday iPad Deals Available Today

Thursday November 24, 2022 12:25 pm PST by
Cyber Monday deals have been in full swing since Black Friday deals ended, and we're seeing solid discounts on Apple devices. We're highlighting the best sales for all of Apple's product lines, and in this article you'll find the best Cyber Monday sales on iPad, iPad Pro, iPad Air, and iPad mini. Note: MacRumors is an affiliate partner with some of these vendors. When you click a link and make ...
airpods pro 2

Apple Engineer Addresses Lack of Lossless Support on New AirPods Pro

Friday November 25, 2022 2:58 am PST by
An Apple engineer has addressed the lack of lossless audio support in the second-generation AirPods Pro in a new interview. Current Bluetooth technology in the AirPods lineup means that Apple's audio products do not support Apple Music Lossless audio. Apple has previously hinted that it may develop its own codec and connectivity standard that builds on AirPlay and supports higher quality...
Cyber Monday Deals Feature 2022

Best Cyber Monday Apple Deals Still Available for AirPods, Apple TV, iPad, and More

Monday November 28, 2022 5:24 am PST by
The Black Friday and Cyber Monday holiday shopping rush is drawing to a close, but there are still some good deals to be had out there. For Apple products, many of the deals you've seen since last week are still available, though some have expired. So for anyone who missed out on Black Friday deals, there's still an opportunity to get some of the year's best prices on many Apple devices. Note: ...
Apple Watch Ultra Oceanic Plus App

Apple Announces Oceanic+ App Now Available for Apple Watch Ultra

Monday November 28, 2022 6:11 am PST by
Apple today announced that the Oceanic+ app is available for the Apple Watch Ultra starting today. Designed by Huish Outdoors in collaboration with Apple, the app serves as a dive computer for recreational scuba diving at depths up to 40 meters/130 feet. Apple already offers a basic Depth app on the Apple Watch Ultra for viewing your current depth, maximum depth reached, water temperature,...
Three Biggest iPhone SE 4 Questions Feature

Three Biggest Questions About the iPhone SE 4

Saturday November 26, 2022 12:00 am PST by
While we already have some clear indications about what to expect from the fourth-generation iPhone SE, there are three major questions looming over the device at the current time. Chinese site MyDrivers and and leaker Jon Prosser believe that the iPhone SE is set to move to an iPhone XR-like design in its next incarnation, which would involve eliminating the Home button and adding a "notch" ...