
T-Mobile, Verizon, AT&T Stop SMS Hijacks After Motherboard Investigation (vice.com)

An anonymous reader quotes a report from Motherboard: All of the major carriers made a significant change to how SMS messages are routed to prevent hackers being able to easily reroute a target's texts, according to an announcement from Aerialink, a communications company that helps route text messages. The move comes after a Motherboard investigation in which a hacker, with minimal effort, paid $16 to reroute our text messages and then used that ability to break into a number of online accounts, including Postmates, WhatsApp, and Bumble, exposing a gaping hole in the country's telecommunications infrastructure.

"The Number Registry has announced that wireless carriers will no longer be supporting SMS or MMS text enabling on their respective wireless numbers," the March 25 announcement from Aerialink reads. The announcement adds that the change is "industry-wide" and "affects all SMS providers in the mobile ecosystem." "Be aware that Verizon, T-Mobile and AT&T have reclaimed overwritten text-enabled wireless numbers industry-wide. As a result, any Verizon, T-Mobile or AT&T wireless numbers which had been text-enabled as BYON no longer route messaging traffic through the Aerialink Gateway," the announcement adds, referring to Bring Your Own Number.

  • Good grief. I was warning people about this in the 90's.

  • by IonOtter ( 629215 ) on Friday March 26, 2021 @05:14PM (#61202884) Homepage

    ...until you embarrass them or cost them money.

    Usually both.

    This is also why researchers and Good Samaritans need laws designed to protect them from lawsuits when this sort of negligence is exposed.

  • by OrangeTide ( 124937 ) on Friday March 26, 2021 @05:17PM (#61202898) Homepage Journal

    It makes me wonder if we had no freedom of the press just how long would shit like this go on unchecked

  • Awesome. Now plug the hole that allows them to route SMS messages to my phone from an email address.

  • Is this why 2FA was messed up for my accounts from around midnight last night until ~4pm today?
  • From TFA:

    It has always been our policy at Sakari to only support the text-enablement of VoIP and landline phone numbers, and as soon as the industry issue was raised we placed a complete block on any mobile numbers.

    Text enablement of landline numbers?

    • Comment removed (Score:4, Interesting)

      by account_deleted ( 4530225 ) on Friday March 26, 2021 @06:08PM (#61203030)
      Comment removed based on user account deletion
      • Thanks. After posting, I Googled "text enablement landline" and discovered that you can send/receive texts on a landline *if* you have the proper equipment, most typically on a PBX system. Learn something new every day...
        • by ksw_92 ( 5249207 )

          Certain "cloud PBX" services support SMS on what are nominally "land lines". Dialpad, for one. It's a huge help for call centers, be they mundane customer support, 911 or radio stations.

        • In the UK, you can send SMS texts to most landlines. Either you have a phone that supports it (it uses the caller ID tones to send the message to the handset), or if not the exchange will call you and read out the text in a robotic voice (which can be hilarious and/or unintelligible if the sender uses txtspk). You can't send texts from a landline without a phone that supports it, though.
          Although as in the UK landline numbers are distinct from mobiles (mobiles always start 07, landlines start 01 or 02) many

        • I used to get texts to my landline from Sprint a lot, as a backup in case my cell was out of range. My computer servers would send the text messages via landline instead of e-mail if the internet connection went down and it caused a service interruption, by calling a special number and making the right kinds of beeps using an old protocol I can't find references to any more. A robot man would read me the message out loud for delivery if it was sent to a landline.
  • by whoever57 ( 658626 ) on Friday March 26, 2021 @06:48PM (#61203192) Journal

    It would be great if they could fix the problem that results in approximately 50% of SMS/MMS messages from AT&T failing to reach my T-Mobile phone.

    • It would be great if they could fix the problem that results in approximately 50% of SMS/MMS messages from AT&T failing to reach my T-Mobile phone.

      My solution to this problem is to not have SMS on my mobile phone. That way 0% of SMS/MMS messages reach it--problem solved!

  • Credit where it's due.

    Now can we all switch to TOTP, FIDO, SQRL, or something better?

    "Please add a phone number to improve the security of your account." :runs and screams:

    • Providers of services over the Internet have what regulations call a "legitimate interest" in deterring spam and other forms of abuse. This is why some services require a cell phone number even if TOTP is the service's preferred method of authentication. Other than either validating a cellular phone service subscription or just charging a recurring fee, what can a service do to ensure that a particular user has some financial investment (or "skin in the game" if you will) with respect to the user's identity
