In what could put smartphone users at a new privacy and security risk, text-messaging management services are now being misused for as little as Rs 1,160 (nearly $16) to covertly redirect text messages from users to hackers, giving cybercriminals access to two-factor codes/login SMSes.
The invisible cyber-attack on companies providing SMS redirection services is reportedly being carried out in connivance with workers at telecom companies, reports Motherboard.
“The method of attack, which has not been previously reported or demonstrated in detail, has implications for cybercrime, where criminals often take over target’s phone numbers in order to harass them, drain their bank account, or otherwise tear through their digital lives,” the report said late on Monday.
Using these services, attackers are not only able to intercept incoming text messages, but they can reply as well.
“It’s not hard to see the enormous threat to safety and security this kind of attack poses,” US Senator Ron Wyden said in a statement.
There are several other methods to exploit the SMS services and SIM swapping is one of those.
But with SIM swapping, it’s easy to find out that you are under attack as your device will be completely disconnected from the cellular network.
However, with SMS redirection, you could notice the cyber-attack much later and by that time, hackers would be able to break into your account and personal-financial data.
According to The Verge, SMS should be avoided for anything security-related, if possible, for two-factor authentication.
“It is better to use an app like Google Authenticator or Authy. Some password managers even have support for 2FA built-in, like 1Password or many of the other free managers we recommend,” the report mentioned.