Posted on November 4, 2019 at 2:19 PM
After smartphones emerged, many mobile phone users around the world stopped using SMS almost completely, focusing instead on apps such as WhatsApp, Viber, and many others. However, there are still quite a few people who text over SMS, whether occasionally or all the time. This is what Chinese hacking groups are relying on in order to steal data and spy on people.
According to recent sources, telcos have been heavily targeted by hackers as they represent goldmines of metadata, as well as personally identifiable information and, of course, the contents of the messages themselves.
Researchers have always known and warned about the insecurity of unencrypted methods of communication, and state-sponsored hackers kept relying on those who ignored such warnings. In other words, there is more than enough reason for everyone to start using safer forms of communication, or risk being monitored not only by telcos but by hackers as well.
Hacking groups coming up with new campaigns
Earlier this year, in June, there were several reports of researchers claiming that the Chinese state-sponsored hacking group known as APT10 managed to compromise cellular carriers. At least 10 such companies were hit, and hackers were allegedly after some specific individuals.
That campaign was originally noticed by a cybersecurity company, FireEye. Now, the firm has reported another group, known as APT41, which is following in APT10’s footsteps. This group was noticed before, in August 2019, when it was reported that it was using brute force campaigns to collect massive amounts of data, and using keywords to target specific individuals.
However, according to fresh reports, the same group managed to infect SMSC (Short Message Service Centre) servers within multiple telcos with malware. The malware in question is known as MESSAGETAP, and it can grant hackers pretty much open access to all SMS traffic, as well as message content.
Now, according to researchers, the new malware does not apply the same type of brute force attack that the group used earlier. Instead, it is a stealthy one, meaning that it can avoid detection for a long time. It also searches for specific keywords, and FireEye believes that the words it searches are of geopolitical interest to China.
The keywords are likely tied to specific names, groups, locations, events, firms, agencies, and the like, although FireEye did not share details about what the hackers are after. When the malware detects one such word while combing through the messages, it compares the numbers of the sender and receiver to its target list. This indicates that the hackers are once again after specific individuals, as mentioned, and should one of the numbers match their list, they record all details of that specific communication.
This method is also being used for extracting call details from the servers’ records. Fortunately, they still have no way of eavesdropping on the calls, but the metadata itself represents extremely valuable information to Chinese intelligence agencies, which might be employing the hackers.
With it, they can perform analysis that could reveal potential patterns and plan their actions from there on. The report indicates that China is once again massively collecting data and mining for value. So far, FireEye believes that only four telcos have been targeted by this specific group this year. However, there are four other companies that were also targeted by other hacking groups that are also believed to be of Chinese origin.
Messaging apps are safer than SMS
Of course, another big question is why so many people are still using SMS for messaging purposes. There are many messaging apps and platforms that are much safer, thanks to the fact that they are encrypted. Sending messages through them, especially when it comes to sensitive information, is not only free but also much safer. Apart from WhatsApp and Viber, there are also iMessage, Wickr, Signal, Telegram, and many others.
Governments have also complained that the encryption used by these platforms prevents their own agencies from tapping into messages, which is why they themselves use them to protect their data from others. The time of sending messages safely has long passed, and anyone concerned about their security would do well to remember that SMS is far from a safe and recommended method of communication.