I have obviously been receiving fake text messages from “Amazon” since last week. Whether it’s hack, spam, scam, whatever, I know they’re not real, but I wondered where they came from. This news makes me think even more: SMS can be redirected to hackers for just $ 16.
Hackers buy SMS access
You receive errant text messages and you don’t know where they are coming from? Companies you trust may have sold access to your messages to hackers, which may include private data.
Motherboard reporter Joseph Cox tested this theory, and the hacker who got access to his SMS only paid $ 16. So maybe someone paid a few dollars for your SMS as well.
There are companies that handle the text messages that seem to be behind this, or at the very least, they are enablers in this scenario. These services silently redirect text messages. Sometimes they redirect them into the hands of attackers.
Often times, these companies don’t even send messages to account owners to let them know that their text messages are being redirected to someone they don’t know and don’t have access to. Attackers have the ability not only to intercept your messages, but also to respond to them. What would they say eventually?
Cox managed to get someone to attack his phone number, the one that only cost the attacker $ 16. He was also able to get SMS redirect services to admit that they had seen this type of attack before.
This is a feat on the part of SMS forwarding services. They apparently believe they are selling access to other legitimate businesses. The company that sold Cox’s number has now fixed the exploit.
AT&T and Verizon were approached by The edge whether it was possible for messages to be redirected to hackers. The two companies suggested contacting the wireless industry’s trade organization, CTIA. CTIA told Motherboard that it had “no indication of malicious activity involving the potential threat or that customers were affected.”
These were already other known methods of text messaging interference. The industry has been aware of SMS exchanges and OHS attacks for a few years. Victims of the SMS exchange are aware of the attacks, however. It won’t be as obvious when your texts are redirected.
It could be even worse than just accessing your SMS messages – it could spread to your other accounts. Think about all the password reset codes that are sent to you via SMS. With access to your account, an attacker now also has access to these reset accounts. Connection links are also sent by text. More accounts have now been opened to hackers.
For all these reasons, avoid sending anything security via your SMS. This includes two-factor authentication. Sometimes you have no choice. Just make sure you have a foolproof password.
Was this the source of my fake Amazon texts? It does not appear to be the case, but it is no less troubling.
Read on to learn how to block your SMS messages from spammers on iPhone and some apps to block spam on Android.
Is this article useful?