Telecom companies may be redirecting your SMSs to hackers for less than $16!

Edited By: Bharat Sharma WION Web Team
New Delhi, India Published: Mar 16, 2021, 11:56 AM(IST)

File photo of a smartphone Photograph:( Others )

Story highlights

Anybody can deploy the attack, and it costs less than $16!

A new attack is affecting SMS messaging with the users never finding out. The attack, uncovered by Motherboard, uses text-messaging management services to redirect messages to hackers from the user.

These services are used by businesses, but now hackers are capitalising on the service’s loopholes. The service essentially provides the hackers access to everything in your texts, ranging from two-factor authentication codes, login links, and one-time passwords that are usually delivered via SMS.

As if that was not enough to scare users, the hackers can also respond to messages on your behalf without you even finding out.

It is common for companies to not tell the user that their messages are being redirected to someone else. And the worst part of it all? Anybody can deploy the attack, and it costs less than $16, as uncovered by a Motherboard reporter, Joseph Cox, who was able to successfully hack his own phone using the exploits already in place within the industry.

Also read: Just 111 Facebook users spread half of Covid vaccine doubts 

Not many companies are doing anything, or worse - lack awareness about the loophole which allows such attacks to continue unabated.

It’s not the attack which could compromise one’s data, but the content of our private SMSs - a service now largely used just for authentication purposes, as users have moved on to app-based messaging like WhatsApp and Telegram.

Also read: Twitter users experiencing bizarre bug banning users for mentioning 'Memphis'

SMSing has become largely obsolete for private conversations, but could still be exploited to access important links, for companies still using SMSs to send password reset links - ranging from banks to social media companies. In addition, many also send login links on SMS.

The attacker can easily click on these links to change passwords of your important accounts and services. Easiest way to avoid being hacked? Stop using SMS services for anything security-related.

Read in App