{"id":31886,"date":"2021-03-15T16:24:11","date_gmt":"2021-03-15T20:24:11","guid":{"rendered":"https:\/\/mjtsai.com\/blog\/?p=31886"},"modified":"2021-07-03T14:20:40","modified_gmt":"2021-07-03T18:20:40","slug":"sms-rerouting-vulnerability","status":"publish","type":"post","link":"https:\/\/mjtsai.com\/blog\/2021\/03\/15\/sms-rerouting-vulnerability\/","title":{"rendered":"SMS Rerouting Vulnerability"},"content":{"rendered":"

Joseph Cox<\/a> (tweet<\/a>):<\/p>\n

I hadn’t been SIM swapped, where hackers trick or bribe telecom employees to port a target’s phone number to their own SIM card. Instead, the hacker used a service by a company called Sakari, which helps businesses do SMS marketing and mass messaging, to reroute my messages to him. This overlooked attack vector shows not only how unregulated commercial SMS tools are but also how there are gaping holes in our telecommunications infrastructure, with a hacker sometimes just having to pinky swear they have the consent of the target.<\/p>

[…]<\/p>

While adding a number, Sakari provides the Letter of Authorization for the user to sign. Sakari’s LOA says that the user should not conduct any unlawful, harassing, or inappropriate behaviour with the text messaging service and phone number.<\/p>

But as Lucky225 showed, a user can just sign up with someone else’s number and receive their text messages instead.<\/p>

[…]<\/p>

As for how Sakari has this capability to transfer phone numbers, Nohl from Security Research Labs said “there is no standardized global protocol for forwarding text messages to third parties, so these attacks would rely on individual agreements with telcos or SMS hubs.”<\/p>

[…]<\/p>

Horsman added that, effective immediately, Sakari has added a security feature where a number will receive an automated call that requires the user to send a security code back to the company, to confirm they do have consent to transfer that number.<\/p><\/blockquote>\n\n

Previously:<\/p>\n