The Conversation: How hackers can use message mirroring apps to see all your SMS texts — and bypass 2FA security

The Conversation: How hackers can use message mirroring apps to see all your SMS texts — and bypass 2FA security. “Major vendors such as Microsoft have urged users to abandon 2FA solutions that leverage SMS and voice calls. This is because SMS is renowned for having infamously poor security, leaving it open to a host of different attacks.”

Digital Inspiration: How to Send SMS Messages with Google Sheets and your Android Phone

Digital Inspiration: How to Send SMS Messages with Google Sheets and your Android Phone. “There are services, Twilio and Vonage for example, that let you send text messages programmatically to any phone number in the world. You can either build an SMS solution on top of these messaging APIs or you can take a simpler and less expensive route – build your own text sending app with Google Sheets and MIT’s App Inventor.”

Hongkiat: Send Emails to Any Mobile Number With This Chrome Extension

Hongkiat: Send Emails to Any Mobile Number With This Chrome Extension. “Afraid of having your urgent email being lost in the recipient’s email account? Why not send it directly to the recipient’s phone number instead. CloudHQ has created a Chrome extension that lets you do just that directly from Gmail itself.” I took a cursory look at CloudHQ and didn’t see anything alarming, but I still wouldn’t use this for anything sensitive.

USA Today: ‘Hundreds of millions of people’ may have had their text messages exposed online, researchers say

USA Today: ‘Hundreds of millions of people’ may have had their text messages exposed online, researchers say. “A database housing millions of private SMS text messages was left open online for an extended period of time, a team of researchers at the online privacy company vpnMentor said Sunday. The Texas-based text messaging firm TrueDialog is thought to be responsible for the leak, the cybersecurity experts said.”

Ars Technica: Researchers unearth malware that siphoned SMS texts out of telco’s network

Ars Technica: Researchers unearth malware that siphoned SMS texts out of telco’s network. “Dubbed ‘Messagetap’ by researchers from the Mandiant division of security firm FireEye, the recently discovered malware infects Linux servers that route SMS messages through a telecom’s network. Once in place, Messagetap monitors the network for messages containing either a preset list of phone or IMSI numbers or a preset list of keywords”

MakeUseOf: Make SMS Useful Again: 7 Services That Use SMS Messages Cleverly

MakeUseOf: Make SMS Useful Again: 7 Services That Use SMS Messages Cleverly. “Thanks to instant messaging apps, you probably don’t use plain old SMS on your phone too often. Messengers like WhatsApp and Telegram are faster, more reliable, and have tons of other modern features SMS lacks. But SMS is around to stay on your phone and despite what you may think, it has a lot to offer. We’ve rounded up several cool services that make good use of SMS.”

TechCrunch: A leaky database of SMS text messages exposed password resets and two-factor codes

TechCrunch: A leaky database of SMS text messages exposed password resets and two-factor codes. “A security lapse has exposed a massive database containing tens of millions of text messages, including password reset links, two-factor codes, shipping notifications and more. The exposed server belongs to Voxox (formerly Telcentris), a San Diego, Calif.-based communications company. The server wasn’t protected with a password, allowing anyone who knew where to look to peek in and snoop on a near-real-time stream of text messages.”

Ars Technica: Password breach teaches Reddit that, yes, phone-based 2FA is that bad

Ars Technica: Password breach teaches Reddit that, yes, phone-based 2FA is that bad. “In a post published Wednesday, Reddit said an attacker breached several employee accounts in mid-June. The attacker then accessed a complete copy of backup data spanning from the site’s launch in 2005 to May 2007. The data included cryptographically salted and hashed password data from that period, along with corresponding user names, email addresses, and all user content, including private messages. The attacker also obtained email digests that were sent between June 3 and June 17 of this year. Those digests included usernames and their associated email address, along with Reddit-suggested posts from safe-for-work subreddits users were subscribed to.”

The Verge: Facebook admits SMS notifications sent using two-factor number was caused by bug

The Verge: Facebook admits SMS notifications sent using two-factor number was caused by bug. “Facebook this evening clarified the situation around SMS notifications sent using the company’s two-factor authentication (2FA) system, admitting that the messages were indeed caused by a bug. In a blog post penned by Facebook Chief Security Officer Alex Stamos, the company says the error led it to ‘send non-security-related SMS notifications to these phone numbers.’”