Hackers Can Secretly Read Your SMS Texts For Just Over ?1,000
In a never seen before cyberattack hackers can covertly reroute text messages to their devices without the knowledge of victims for just over ?1000 $16. And then use it to compromise online accounts that rely on texts for authentication.
In a never seen before cyberattack, hackers can covertly reroute text messages to their devices without the knowledge of victims for just over ?1,000 ($16), the Motherboard reported. And then use it to compromise online accounts that rely on texts for authentication.
The fact that it¡¯s swift, silent and can be achieved with relative ease makes it all the more menacing.
¡°The hacker used a service by a company called Sakari, which helps businesses do SMS marketing and mass messaging, to reroute my messages to him,¡± Joseph Cox, the Motherboard reporter, wrote. Services such as these don¡¯t alert or ask for any approval from the owner of the said number before redirecting messages.
According to the report, Cox had someone successfully breach his number, which the attacker claimed, cost him just $16. Thereafter, ¡°the hacker sent login requests to Bumble, WhatsApp, and Postmates, and easily accessed the accounts.¡±
Why SMS-based 2FA is vulnerable
It¡¯s a great idea to use two-factor authentication (2FA). It adds an extra level of security to your online accounts and keeps you safe from increasingly sophisticated password attacks. But then you put yourself at risk when you get codes over text, or SMS.
Turns out, the phone networks as well as your phone companies are bad at security. Hackers can exploit vulnerabilities in your telecom network to listen to your calls, intercept texts and even trace your location.
Your carrier provider, on the other hand, can be tricked into porting a phone number to a new device in what is called SIM swapping. But in that case, your device will be disconnected from the network and you¡¯d know that your phone number has been compromised.
However, in cases such as this where hackers can reroute text messages, it¡¯d take you some time to realise that someone else is actually getting your messages. And that¡¯s long enough to break into your online accounts that rely on texts for authentication.
Therefore, for 2FA, experts recommend that you use authentication apps such as Google Authenticator, Microsoft Authenticator or Authy.