There’s a newly discovered attack on SMS messaging that’s almost invisible to victims, and seemingly sanctioned by the telecom industry, uncovered in a report by Motherboard. The attack uses text-messaging management services that are aimed at businesses to silently redirect text messages from a victim to hackers, giving them access to any two-factor codes or login links that are sent via text message.
Sometimes, the companies providing the service don’t send any sort of message to the number that’s being redirected, either to ask permission or even to notify the owner that their texts are now going to someone else. Using these services, attackers are not only able to intercept incoming text messages, but they can reply as well.
Joseph Cox, the Motherboard reporter, had someone successfully carry out the attack on his number, and it only cost the attacker $16. When he contacted other companies providing SMS redirection services, some of them reported that they had seen…