Cell phones are a necessity in day-to-day life, allowing communications and access to numerous websites and accounts. Thus, losing access to a phone or text messages could be as bad, if not worse, than losing a credit card. Even more concerning would be if a hacker could intercept texts without the phone’s owner even knowing, and it was entirely possible with $16 and some knowledge of a target. Now, cell carriers must shake things up to prevent this problematic issue from happening again.
Earlier this month, Vice‘s Joseph Cox reported that a hacker had “swiftly, stealthily, and largely effortlessly redirected [Cox’s] text messages to themselves,” gaining access to apps such as Bumble, Postmates, and WhatsApp. Typically, this could be possible with a SIM card swap or some trickery and social engineering to transfer a phone number. In this case, the hacker, calling themselves Lucky225, spent $16 to use a service from the company Sakari, which allows businesses to run SMS marketing and mass messaging.

“I used a prepaid card to buy their $16 per month plan and then after that was done it let me steal numbers just by filling out LOA info with fake info,” Lucky explains. The LOA or Letter of Authorization they refer to is simply a document stating the signer has permission to switch telephone numbers, but anyone can sign it, effectively making it only a promise.

It’s obviously quite concerning that this could happen in the first place, given that there should be regulatory bodies like the FCC who should prevent this type of activity. Moreover, individual companies, including cellular providers, need to be better at self-governing and protecting customers. In any case, let us know what you think of this interesting situation in the comments below.
Source link