The hacking techniques are countless and we face them every day. A new SMS flaw allows hackers to take over phone numbers in minutes by simply paying a company to forward their text messages. Thus, access to the accounts from your phone can be done for 16 dollars.
A journalist from Vice, named Joseph Cox, wrote an article in which he tells what happened to him.
He adds that there was no sign that he had been hacked. It still had signal, the phone said it was still connected to the T-Mobile network, and nothing was out of the ordinary there. But the hacker redirected her text messages quickly, stealthily and largely effortlessly. And all for just $16.
The hacker easily used a service from a company called Sakari, which helps businesses do SMS marketing, to forward his messages. This neglected attack vector shows not only how flawed SMS tools are, but also how flawed our telecommunications infrastructure is.
Getting Hackers Into Your Phone Is Cheaper and Easier Than You Think
Once a hacker is able to forward a target's text messages, then it's trivial to get into other accounts associated with that number as well by phone. In this case, the hacker sent login requests to Bumble, WhatsApp and Postmates and easily accessed the accounts. “Within minutes of entering my number into Sakari, Lucky225 started receiving text messages that were meant for me. I have not received any call or text notification from Sakari asking me to confirm that my number will be used by their service. I just stopped getting messages,” Cox wrote.
The attack method has implications for cybercrime, where criminals often take over a target's phone numbers to harass them or hack their bank account. The attack also brings private, corporate and national security issues where once a hacker gains a foothold on a victim's phone number, they may be able to intercept sensitive or secret personal information.
The attack method has implications for cybercrime
It is not clear how much this virtual attack method is actually used on mobile numbers. Karsten Nohl, a researcher at Security Research Labs who has investigated telecommunications security for years, said he had never seen it before.
As for how Sakari has this ability to transfer your phone, Security Research Labs' Nohl said that "there is no standardized global protocol for sending text messages to third parties, so these attacks will rely on individual agreements with telecommunications hubs or SMS'.
Following this incident, Sakari added a security feature where a number will receive an automated call asking the user to send a security code back to the company to confirm they have consent to port that number.