Hackers Steal Texts and Social Media Accounts with SMS Redirection Hacks

137
SHARE

The latest scam to be cautious of is SMS Redirection hacks. We live in the age of technology. And with each new development, there are potential threats. Anything you do online or with your phone can be hacked.

The latest hack attack is taking place on text messaging through a process called SMS redirection.

It’s hard to detect, even when it’s happening to you. This attack is invisible to the victim and it’s hard to figure out someone else is getting your messages. The attacker has more than enough time to compromise your accounts. And the telecom carriers aren’t doing much about it either!

Signup for the USA Herald exclusive Newsletter

Hidden hacking via SMS Redirection Hacks

According to reporting by Joseph Cox in Motherboard-Vice SMS redirection can be effectively used on individuals or businesses. Cox had his own texts hacked and stolen using the Sakari app. For $16 you get a month’s worth of service with up to 500 texts.

Sakari is a cloud-based text marketing platform that aids businesses with marketing, sales, and customer service. Businesses use the platform to automate marketing campaigns by creating and sending bulk messages across multiple contacts.

The app has an unintended consequence. Sakari enables hackers to access one-time passwords (OTP) or login links sent via text message. In most cases, companies providing the service fail to notice the number that’s being redirected. No one has to request permission to send your texts to someone else.

Using these services, attackers intercept incoming text messages and reply to them. It is a hidden attack that redirects text messages from a victim to a hacker. 

With any SMS attack, the big issue is the security of your other accounts. A hacker need only  request a password reset link or code sent to your phone number. They redirect links, so they get the code. This enables them to access your account. Text messages can also send login links. The Motherboard report says that Postmates, WhatsApp, and Bumble all send login links via text. 

In SIM jacking, the hacking victim loses cell service when the hack starts. But with the redirection method, you can still talk and text. There is no warning that your service is under attack.

The “SS7 exploitation” is an even more complex hack. Hackers inject code into a carrier’s backbone and can randomly intercept a lot of users’ messages. 

Exploit remains carriers respond

T-Mobile claims to have made a repair to SMS redirection that Motherboard reports. The exploit still remains in other companies. And so far no one is holding the phone companies responsible. 

AT&T and Verizon both direct reporters to the Cellular Telecommunications and Internet Association (CTIA). CTIA claims there’s “no indication of any malicious activity involving the potential threat or that any customers were impacted.”

Avoid sending sensitive or secure communications on text messages.  It’s safer to use more secure password managers with two-factor authentication (2FA) support like 1Password, Google Authenticator, or Authy.