A flaw in SMS messages that allows hackers to control phone numbers |
The newly discovered SMS attack is almost invisible to the victim and appears to have been identified by the telecom industry and was revealed in the motherboard report.
The attack uses a corporate SMS management service to silently transmit the victim's SMS messages to the hacker so that he can gain access to any two-factor authentication code or login link sent via SMS.
Sometimes, the company providing the service will not send a message to the transmitting number to request permission or even notify the owner, and the SMS will now be sent to others.
With these services, an attacker can not only intercept incoming text messages but also respond to them.
Someone managed to attack motherboard correspondent Joseph Cox (Joseph Cox), costing the attacker only $ 16.
When Cox reached out to other companies that offer SMS forwarding services, some of them said they had seen this type of attack before.
According to reports, the motherboard of the company that was using the vulnerabilities had been fixed, but there were other similar vulnerabilities and no one appears to be responsible for the company.
Hackers have discovered many ways to use SMS and cellular systems to receive text messages from other people. However, thanks to SMS forwarding, it can take a long time to know that other people are receiving your messages.
The main problem with SMS attacks is the security risks for your other accounts.
If an attacker managed to obtain the password reset link or code sent to your phone number, they could gain access to your account.
The attack indicates that SMS should be avoided for security reasons. So it is best to use apps like Google Authenticator or Authy for two-factor authentication.
Some password managers even have built-in support for two-factor authentication, like 1Password or many other free managers.
However, there are still services and companies that use text messaging, such as the banking industry.