Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Communications Security

Company That Routes Billions of Text Messages Quietly Discloses It Was Hacked (vice.com) 33

A company that is a critical part of the global telecommunications infrastructure used by AT&T, T-Mobile, Verizon and several others around the world such as Vodafone and China Mobile, quietly disclosed that hackers were inside its systems for years, impacting more than 200 of its clients and potentially millions of cellphone users worldwide. From a report: The company, Syniverse, revealed in a filing dated September 27 with the U.S. Security and Exchange Commission that an unknown "individual or organization gained unauthorized access to databases within its network on several occasions, and that login information allowing access to or from its Electronic Data Transfer (EDT) environment was compromised for approximately 235 of its customers." A former Syniverse employee who worked on the EDT systems told Motherboard that those systems have information on all types of call records. [...] The company wrote that it discovered the breach in May 2021, but that the hack began in May of 2016.
This discussion has been archived. No new comments can be posted.

Company That Routes Billions of Text Messages Quietly Discloses It Was Hacked

Comments Filter:
  • Non-issue. (Score:5, Funny)

    by NFN_NLN ( 633283 ) on Monday October 04, 2021 @02:25PM (#61860635)

    It's just text people, like an out-dated twitter. It's not like we depend on it for banking 2FA or other important security.

  • That's how you make sms based tfa useless?
    • I have mine sent through the psychic friends network. [wikipedia.org]

      • Maybe google should do that too.
        Last time I tried to log onto google services they required me to enter my phone number so they could send me a sms for tfa. Listen to how stupid that sounds. And with this... but at least this wasn't alphabet's fault.
        The funniest thing was I have google authenticator for that account, but that wasn't an option for tfa with google services.

  • Any of those 235 customers a state actor would be interested in?

  • Maybe, hopefully, this will time well with everyone copying system-wide TOTP 2fa from Apple and we can get rid of SMS 2fa everywhere.
    • With quantum communications [scientificamerican.com] we may have more secure means.

    • No thanks. I'd prefer to stick with the IETF RFC 6238 industry standard implementation of TOTP 2FA rather than being restricted to some proprietary variant foisted upon me by Cuprertino because "Steve Jobs wanted it that way".
  • by 140Mandak262Jamuna ( 970587 ) on Monday October 04, 2021 @02:59PM (#61860799) Journal
    The company spokesperson, Mr Uwont B Leavit, said that the company took adequate precautions against hacking and it could not have anticipated such an attack from the hackers. He continued every user account is secured by Two Factor Authentication, One-Time-Passwords were sent via SMS.

    He declined to comment on how those OTP messages were routed.

  • Curiously NIST stopped recommending use of SMS for two-factor authentication in 2016. I wonder if they knew about this hack?
  • by omnichad ( 1198475 ) on Monday October 04, 2021 @03:35PM (#61860943) Homepage

    There was a lot of talk of SIM jacking being to blame for hacked accounts. Seems like this is more discreet and easier to cover up. Probably responsible for way more than social engineering to steal phone numbers.

  • You could already hijack SMS messages even without compromising any particular company's network, so this is only really useful for collecting bulk data sets to sell on the black market. Your data was already not secure, so this is fine.

  • “Hacker”, it was designed with backdoors to allow the state security apparatus ease of access. And the said company is a front for Mossad.
    • “Hacker”, it was designed with backdoors to allow the state security apparatus ease of access. And the said company is a front for Mossad.

      No, it was never secure, and was built into the existing signalling system. That's why its limited in length. That length wasn't arbitrary, it was all of the space available.

    • Ok, maybe it is, maybe it isn't... anything to back up that assertion?

      As far as this hack... it wouldn't surprise me at all if the FCC/congressional inquiries go away very quickly and very quietly once some three letter agency has an off-the-record meeting with a few people. On the other hand, it could just as easily be Russia or China. Or all of them at once. :shrug: nothing surprises me anymore.

  • I used to get spam texts immediatly after sending a text. It didn't matter whether it was 8:30am or 4:30pm, I'd get a spam text message about 2 minutes later. I sent someone a text at 3am last week and not 2 minutes later I got another spam text.

  • by sabt-pestnu ( 967671 ) on Monday October 04, 2021 @07:45PM (#61861599)

    while it may only have affected 250 or so customers, ...

    AT&T is one customer
    T-Mobile is one customer
    Verizon is one customer

  • Outsource everything you can...
    And we get this.

Time is the most valuable thing a man can spend. -- Theophrastus

Working...