I hadn’t been SIM swapped, where hackers trick or bribe telecom employees to port a target’s phone number to their own SIM card. Instead, the hacker used a service by a company called Sakari, which helps businesses do SMS marketing and mass messaging, to reroute my messages to him. This overlooked attack vector shows not only how unregulated commercial SMS tools are but also how there are gaping holes in our telecommunications infrastructure, with a hacker sometimes just having to pinky swear they have the consent of the target.
“I used a prepaid card to buy their $16 per month plan and then after that was done it let me steal numbers just by filling out LOA info with fake info,” said Lucky225, the pseudonymous hacker who carried out the attack, referring to a Letter of Authorization, a document saying that the signer has authority to switch telephone numbers.
In a statement to Motherboard, Senator Ron Wyden said: “Itâ(TM)s not hard to see the enormous threat to safety and security this kind of attack poses. The FCC must use its authority to force phone companies to secure their networks from hackers. Former Chairman Paiâ(TM)s approach of industry self-regulation clearly failed.”