Posted on March 16, 2021 at 4:28 PM
A new attack on SMS messaging has been discovered in which the hacking attempt appears to be sanctioned by telecom companies and is almost unnoticeable to victims.
Motherboard uncovered this attack, which silently redirects text messages from the victim to hackers. According to the report, the SMS attack allows the hacker to obtain two-factor codes or login links sent through text messages.
In several instances, the firm offering the service does not send any message to the redirected number to notify the user, or to ask permission, that their messages are going to someone else.
In a way, the attacks are successful due to the negligence of the telecom industry. The attackers can redirect vital text messages and deceive the victims, who may think the message is coming from telecom companies.
The attack was discovered by Motherboard reporter Joseph Cox after he called a hacker to carry out the same attack on his number. The result of the hacking attempt showed that the SMS that was meant to be delivered to his mobile number was redirected to another number.
Because the SMS messages never reach the victim's phone, the victim may not realize they are being targeted, as Cox discovered.
Users are still vulnerable
In the case of Cox, the firm providing this service has claimed the problem has been fixed. However, this was only because Cox reported the situation to the company. Several other telecom firms don’t know these issues exist but they have not tried to fix them, according to Motherboard.
The telecom firms are still blaming CTIA, the trade organization for the U.S. wireless industry. CTIA has reached out to Motherboard, saying that it is not sure whether malicious activities posing a threat to customers have impacted anyone yet.
Another worrying aspect of the attack is that the hacker can get access to the service by paying only $16, which is generally the normal fee demanded by SMS providers for redirection of text messages.
New SMS attack considered more critical
This is one of many hacking activities involving SMS and cellular systems. SS7 and SIM swapping attacks have existed for a long time now and impact a large number of users.
But the difference between the previous attacks and the new one is that the victim of the former is usually aware within a few moments that their phone has been compromised. The network is usually lost completely during these attacks.
The SMS redirection attack is quite different, as the victim has no idea that their phone has been breached. As a result, the attack can go on for a long time without the victim’s knowledge. The Motherboard researchers say that is what makes the SMS redirection attack more dangerous.
The attacker can redirect the victim’s OTP and receive it on their behalf to complete transactions and other activities that require authentication. The victim can also lose access to their accounts if their passwords are reset.
In a worst-case scenario, the hacker can log into the victim’s WhatsApp account with their OTP and have access to their chats.
Cox revealed that the exploit impacted his Postmates, Bumble, and WhatsApp accounts, as the hackers were able to log in and screenshot the content. With this access, the hackers could choose to blackmail the victim into paying a ransom for the screenshots.
Protection against SMS redirection attack
Users have been advised not to rely completely on SMS services to avoid being a victim of such a situation. They should use authentication apps like Google Authenticator or Authy for two-factor authentication (2FA). And when it comes to bank-related OTPs, users should have their email address registered with their accounts to receive the message rather than relying on SMS.
The main issue with SMS attacks is that the threat actors could compromise the victims’ other accounts. They can gain access to important sections of the phone where vital details about other accounts, such as passwords, are stored. As a result, users have also been advised to protect their passwords and store them safely to avoid opening the door for hackers.