It’s time to stop using SMS for anything.

[sman]

It’s time to stop using SMS for anything.

"https://lucky225.medium.com/its-time-to-stop-using-sms-for-anything-203c41361c80"

By now most infosec professionals are aware of various ways SMS text messaging can be hijacked. For example so-called “SIM Swap” attacks, SS7 attacks, Port-out fraud, etc. All of these attacks however do require some level of sophistication, whether it be high level access to SS7, or account information or social engineering to successfully port out the phone number to a new provider or swap the sim on the existing account.

Your OTP may not be safe as new SMS attack redirects texts to hackers

Besides all the things this new attack involves, the most interesting aspect is that the tools only need hackers to pay $16.

 

https://www.indiatoday.in/amp/technology/news/story/your-otp-may-not-be-safe-as-new-sms-attack-redirects-texts-to-hackers-1779805-2021-03-16

 

Hackers are leveraging an exploit in the SMS management service for an attack.

Hackers are able to redirect any SMS meant for a number to their own system.

These services are available through several companies for as low as $16.

Just when you think your mobile phone is finally free of any potential threat from hackers, a new attack is always lurking. A new attack has now been discovered where hackers are able to redirect SMS bound for the victim’s phone number to their systems. Hackers use text-messaging management services, meant for business, to carry out the attack, thanks to the exploit in these services. So, in a way, these attacks are possible because of the negligence of the telecom industry, at least in the US, and hackers are in for a treat. Using the attack, hackers can redirect important text messages, such as those containing OTP or login links for services such as WhatsApp.

Edited March 17, 2021 by AdvancedSetup
disabled live hyperlink