For $16, Companies Can Reroute Your Text Messages To Hackers Without Your Consent

A newly discovered cybersecurity threat came to light after a reporter revealed telecom companies can reroute a person's text messages to a hacker for a measly amount of $16.

To demonstrate the flaw, Motherboard reporter Joseph Cox shared how a hacker successfully carried out an attack targeting his phone number.

A Woman Texting
Stock Snap from Pixabay

Using an SMS redirection service by a company called Sakari, the hacker did not only manage to break into Cox's text messages without consent, but he was also able to receive and reply to the reporter's text messages without his knowledge.

Cox, later on, contacted other companies that offer SMS redirection services and was told that they had seen this sort of attack before.

This attack not only proved the gaping holes in the telecommunications infrastructure, but it also showed how unregulated commercial SMS tools really are.

Unlike SIM swapping, where a phone completely disconnects from a cellular network, SMS redirection is particularly hard to notice and gives enough time for hackers to compromise the victim's accounts.

Telecommunications Blunder

AT&T, T-Mobile, and Verizon were asked why this type of attack is even possible but diverted the query over to the Cellular Telecommunications and Internet Association (CTIA) - a trade association representing the wireless industry.

CTIA said that they immediately investigated the issue and took precautionary measures as soon as being told of the potential threat.

However, they explained that the carriers were unable to detect any malicious activity and therefore unable to replicate the threat.

Cybersecurity Legislation

The statement issued by CTIA caught the attention of Senate Finance Committee Chairman Ron Wyden, who pointed out the enormity of the threat towards one's safety and security.

According to the Washington Post, the Democratic senator strongly urged the FCC to intervene and "use its authority to force phone companies to secure their networks from hackers."

Lawmakers had been debating the importance of passing legislation that requires companies to report major cyber breaches to the government for more than a decade.

However, the recent breaches of SolarWinds and Microsoft Exchange have renewed the issue, forcing companies to actively urge Congress to take immediate action.

Representatives Jim Langevin (D-R.I.) and Michael McCaul (R-Tex.) had been working side-by-side to introduce a pair of bills to identify which incidents would require reporting to the government and if the breach needs to be said to the public.

"We want to give certainty in terms of when customers would need to be notified and when it's important to report to the government when you have an incident," said Langevin.

He added that the urgency created by the SolarWinds breach gives their bill a good chance at passing compared to previous attempts, as the incident proved the necessity and timeliness of the legislation.

Meanwhile, the Biden administration had recently announced that a team had been formed to ramp up coordination between the private sector and the government.

The White House is also looking at potential solutions, such as a rating system for software and one that requires home devices to come with a security label.

The administration clarified that the President does not intend to grant the government additional authorities to surveil domestic Internet traffic for hackers.

This article is owned by Tech Times

Written by Lee Mercado

ⓒ 2024 TECHTIMES.com All rights reserved. Do not reproduce without permission.
Join the Discussion
Real Time Analytics