Major U.S. telecom carriers shut down security vulnerability which allowed easy SMS rerouting that rendered 2FA redundant

SMS reroute US Telecom Carriers
US Telecom carriers plug security loophole of Short Messaging Service. Pic credit: Free-Photos/Pixabay

The top three U.S. telecom service providers, AT&T, T-Mobile, and Verizon, have plugged a security vulnerability that allowed SMS rerouting. The openly available and easily accessible “White Hat” service essentially rendered 2FA (2 Factor Authentication) useless.

All the major telecommunication companies have made a small but significant change to their SMS delivery mechanism. Prior to the change, several third-party service providers had the ability to reroute SMS (Short Messaging Service) messages commonly used by social media platforms, banks, etc. for 2FA.

How did hackers reroute SMS messages used for 2FA:

All of the major telecom carriers, including AT&T, T-Mobile, and Verizon, have made a significant change to how SMS messages are routed. Prior to the change, hackers could easily exploit the openly and legally available method to essentially hijack accounts and assume stolen identities.

The action from telecom companies presumably follows a detailed and rather concerning investigation by Motherboard. According to the publication, hackers merely required $16 to reroute text messages of their victims.

The hacker, with permission from the victim, merely needed the latter’s phone number and $16. The hacker paid $16 to subscribe to the cheapest tier of a service provider called ‘Sakari’.

The researching hacker then managed to reroute all of the victim’s incoming text messages to their hardware. The victim remained oblivious to the situation simply because there were no signs of tampering. Perhaps the only sign of trouble is the lack of any SMS.

Incidentally, Sakari is just one of several companies that offer SMS rerouting services. However, these companies rely on other service providers that operate the Override Service Registry.

Needless to mention, all of the services, have legitimate uses. Moreover, misusing them for hacking into accounts is strictly against their terms of service. Still, the methods do leave the SMS platform vulnerable to an easy-to-conduct attack.

U.S. telecom giants take note and action of the loophole that allowed hijacking accounts that used 2FA:

Until recently, it was entirely up to the third-party service providers to prevent misuse of the SMS rerouting service for nefarious purposes. The legitimacy of the “White Hat” attack meant telecom carriers weren’t majorly concerned, until recently.

Presumably following an expose that even revealed the technical aspects of the hack, all the major U.S. telecom carriers have reportedly taken steps to prevent potential misuse of SMS rerouting methods.

A March 25 announcement from Aerialink, a communications company that helps route text messages, reads: “The Number Registry has announced that wireless carriers will no longer be supporting SMS or MMS text enabling on their respective wireless numbers.”

“Be aware that Verizon, T-Mobile, and AT&T have reclaimed overwritten text-enabled wireless numbers industry-wide. As a result, any Verizon, T-Mobile, or AT&T wireless numbers which had been text-enabled as BYON no longer route messaging traffic through the Aerialink Gateway.”

BYON refers to Bring Your Own Number. The platform, along with Number Registry, was important for conducting such attacks. Moreover, as several companies allow employees to use their own devices and numbers, conducting the attack was easy, until now.

It is not immediately clear how the companies that gained and legitimately required the SMS rerouting functions, will operate in the future. Previously, these companies helped businesses with SMS marketing and mass messaging.

Notify of
Inline Feedbacks
View all comments
Would love your thoughts, please comment.x