A flaw in SMS messages that allows hackers to control phone numbers
A newly discovered SMS attack is nearly invisible to victims, and appears to have been approved by the telecom industry, and was revealed in a report by Motherboard.
The attack uses text message management services targeting businesses to silently forward text messages from the victim to the hackers, giving them access to any two-factor authentication codes or login links that are sent via the text message.
Sometimes the companies providing the service do not send any type of message to the number that is being forwarded, either to request permission or even to notify the owner that the SMS will now be sent to someone else.
By using these services, attackers can not only intercept incoming text messages, but can respond to them as well.
Someone succeeded in carrying out the attack on Joseph Cox, Motherboard's correspondent, and this cost the attacker only $ 16.
And when Cox contacted other companies that offer SMS forwarding services, some of them reported having seen this type of attack before.
The specific company Motherboard used has reportedly fixed the loophole, but there are several others similar to it, and no one appears to hold the companies accountable.
Hackers have found numerous ways to exploit SMS and cellular systems to gain access to other people's SMS text messages, but with SMS forwarding, it can take a long time before you notice that someone else is receiving your messages.
The primary concern of SMS attacks is the security implications of your other accounts.
If the attacker was able to obtain the password-reset link or code sent to your phone number, he would be able to access it and gain access to your account.
This attack highlights that SMS should be avoided for anything related to security, and it is better to use an app like Google Authenticator or Authy for two-factor authentication.
Some password managers even have built-in two-factor authentication support, like 1Password, or many other free managers.
However, there are still services and companies that use text messaging, such as the banking industry.