Hackers Are Rerouting Text Messages to Gain Access to Private Accounts


A recent report reveals that a new text messaging attack that is almost invisible to victims can give hackers access to private accounts protected by two-factor authentication.

A recent report from Vice titled “A Hacker Got All My Texts For $16,” reveals how hackers are using a new text messaging attack to gain access to the private info and accounts of targets. The article describes how easily a hacker was able to gain access to personal accounts, writing:

I didn’t expect it to be that quick. While I was on a Google Hangouts call with a colleague, the hacker sent me screenshots of my Bumble and Postmates accounts, which he had broken into. Then he showed he had received texts that were meant for me that he had intercepted. Later he took over my WhatsApp account, too, and texted a friend pretending to be me.

Looking down at my phone, there was no sign it had been hacked. I still had reception; the phone said I was still connected to the T-Mobile network. Nothing was unusual there. But the hacker had swiftly, stealthily, and largely effortlessly redirected my text messages to themselves. And all for just $16.

I hadn’t been SIM swapped, where hackers trick or bribe telecom employees to port a target’s phone number to their own SIM card. Instead, the hacker used a service by a company called Sakari, which helps businesses do SMS marketing and mass messaging, to reroute my messages to him. This overlooked attack vector shows not only how unregulated commercial SMS tools are but also how there are gaping holes in our telecommunications infrastructure, with a hacker sometimes just having to pinky swear they have the consent of the target.

Vice spoke to the hacker who hijacked their phone number, identified by the screen name Lucky225. The hacker gained access to the Vice journalist’s accounts with their permission in order to demonstrate just how easily this could be done.

The hacker explained the process, stating: “I used a prepaid card to buy their [Sakari’s] $16 per month plan and then after that was done it let me steal numbers just by filling out LOA info with fake info.” LOA refers to a Letter of Authorization, a document stating that the signer has the authority to switch a telephone number.

Read more at Vice’s Motherboard here.

Lucas Nolan is a reporter for Breitbart News covering issues of free speech and online censorship. Follow him on Twitter @LucasNolan or contact via secure email at the address lucasnolan@protonmail.com
