Northeastern Global News: New smartphone vulnerability discovered by Northeastern Ph.D. student reveals hackers could track your location. “A newly discovered vulnerability in text messaging may enable attackers to trace your location, according to Northeastern Ph.D. student Evangelos Bitsikas. His research group exposed the flaw by applying a sophisticated machine-learning program to data gleaned from the relatively primitive SMS system that has driven texting in mobile phones since the early 1990s.”
Tag Archives: SMS
Motherboard: How a Third-Party SMS Service Was Used to Take Over Signal Accounts
Motherboard: How a Third-Party SMS Service Was Used to Take Over Signal Accounts. “Last week, hackers broke into the systems of Twilio, a cloud communications company that provides infrastructure to other companies to automate sending text messages to their users. By breaking into Twilio systems, hackers could have sent text messages to victims, and read their text messages as well. This potentially gave the hackers a chance to take over any victim’s accounts that were tied to their phone number on services that use Twilio. Crucially, Twilio provides text verification services for the encrypted messaging app Signal.”
New York Times: Americans Can’t Quit SMS
New York Times: Americans Can’t Quit SMS. “The continued prevalence of SMS in the U.S. is a reminder that the most resilient technologies aren’t necessarily the best ones. It’s also another way that America’s smartphone habits are unlike the rest of the world’s in ways that can be helpful but can also hold us back. I know that many Americans use whatever text app is on their phone and don’t think too hard about it. Fine! But let me explain why we should reflect a bit on this communications technology.”
Wired: How to Guard Against Smishing Attacks on Your Phone
Wired: How to Guard Against Smishing Attacks on Your Phone. “AMONG THE MANY threats to your internet security is ‘smishing,’ in which bad actors try to steal your data or money through a text message that attempts to trick you into following a link you shouldn’t or revealing personal details or login information that should be kept private.”
Motherboard: Company That Routes Billions of Text Messages Quietly Says It Was Hacked
Motherboard: Company That Routes Billions of Text Messages Quietly Says It Was Hacked. “A company that is a critical part of the global telecommunications infrastructure used by AT&T, T-Mobile, Verizon and several others around the world such as Vodafone and China Mobile, quietly disclosed that hackers were inside its systems for years, impacting more than 200 of its clients and potentially millions of cellphone users worldwide.”
The Conversation: How hackers can use message mirroring apps to see all your SMS texts — and bypass 2FA security
The Conversation: How hackers can use message mirroring apps to see all your SMS texts — and bypass 2FA security. “Major vendors such as Microsoft have urged users to abandon 2FA solutions that leverage SMS and voice calls. This is because SMS is renowned for having infamously poor security, leaving it open to a host of different attacks.”
Digital Inspiration: How to Send SMS Messages with Google Sheets and your Android Phone
Digital Inspiration: How to Send SMS Messages with Google Sheets and your Android Phone. “There are services, Twilio and Vonage for example, that let you send text messages programmatically to any phone number in the world. You can either build an SMS solution on top of these messaging APIs or you can take a simpler and less expensive route – build your own text sending app with Google Sheets and MIT’s App Inventor.”
Hongkiat: Send Emails to Any Mobile Number With This Chrome Extension
Hongkiat: Send Emails to Any Mobile Number With This Chrome Extension. “Afraid of having your urgent email being lost in the recipient’s email account? Why not send it directly to the recipient’s phone number instead. CloudHQ has created an Chrome extension that lets you do just that directly from Gmail itself.” I took a cursory look at CloudHQ and didn’t see anything alarming, but I still wouldn’t use this for anything sensitive.
Neowin: Google introduces Verified SMS and spam detection in Android Messages
Neowin: Google introduces Verified SMS and spam detection in Android Messages. “This new feature will verify whether a specified message is truly from a business. This feature is rolling out in nine countries for now: the U.S., India, Mexico, Brazil, the UK, France, Philippines, Spain, and Canada, but more countries will be added over time.”
USA Today: ‘Hundreds of millions of people’ may have had their text messages exposed online, researchers say
USA Today: ‘Hundreds of millions of people’ may have had their text messages exposed online, researchers say. “A database housing millions of private SMS text messages was left open online for an extended period of time, a team of researchers at the online privacy company vpnMentor said Sunday. The Texas-based text messaging firm TrueDialog is thought to be responsible for the leak, the cybersecurity experts said.”
9to5 Google: Latest Google Messages beta rolling out ‘Verified SMS’ to cut down on SMS spam
9to5 Google: Latest Google Messages beta rolling out ‘Verified SMS’ to cut down on SMS spam. “The latest Google Messages beta is now rolling out ‘Verified SMS’ which is aimed at protecting you from unwanted spam text messages or potential phishing attempts.”
PSA: Twitter finally ditches SMS for two-factor authentication (The Next Web)
The Next Web, with a big side of YAY!: PSA: Twitter finally ditches SMS for two-factor authentication. “Twitter has finally done the impossible: it’s allowing users to enroll for its two-factor authentication (2FA) program without requiring a phone number. What’s more, it’s also providing an option to disable SMS-based 2FA, which is known to be flawed and insecure.”
Ars Technica: Researchers unearth malware that siphoned SMS texts out of telco’s network
Ars Technica: Researchers unearth malware that siphoned SMS texts out of telco’s network. “Dubbed ‘Messagetap’ by researchers from the Mandiant division of security firm FireEye, the recently discovered malware infects Linux servers that route SMS messages through a telecom’s network. Once in place, Messagetap monitors the network for messages containing either a preset list of phone or IMSI numbers or a preset list of keywords”
Make SMS Useful Again: 7 Services That Use SMS Messages Cleverly (MakeUseOf)
MakeUseOf: Make SMS Useful Again: 7 Services That Use SMS Messages Cleverly. “Thanks to instant messaging apps, you probably don’t use plain old SMS on your phone too often. Messengers like WhatsApp and Telegram are faster, more reliable, and have tons of other modern features SMS lacks. But SMS is around to stay on your phone and despite what you may think, it has a lot to offer. We’ve rounded up several cool services that make good use of SMS.”
TechCrunch: A leaky database of SMS text messages exposed password resets and two-factor codes
TechCrunch: A leaky database of SMS text messages exposed password resets and two-factor codes. “A security lapse has exposed a massive database containing tens of millions of text messages, including password reset links, two-factor codes, shipping notifications and more. The exposed server belongs to Voxox (formerly Telcentris), a San Diego, Calif.-based communications company. The server wasn’t protected with a password, allowing anyone who knew where to look to peek in and snoop on a near-real-time stream of text messages.”