Day to day new changes are taking place in technology, instead of getting more privacy concerns, every now and then hackers are attacking the users.
A new attack has come up where hackers redirect the SMS bound for the user’s phone number to their systems.
SMS Redirecting Attack: Hacker can Login to Your WhatsApp Account
As per the reports by Joseph Cox of Vice, the text messages are redirected by the hacker to get the OTP of the user’s device and other information in the SMS attack. He also told that the hacker can get the access to Whatsapp account also.
These attacks are possible because of the carelessness of the telecom industry. By using the SMS attack, the hackers can redirect the important text messages that contain OTP or login links.
Joseph Cox, a Motherboard reporter was personally attacked and he was not even knowing about the attack on his mobile number.
In a report, he said,
“Looking down at my phone, there was no sign it had been hacked. I still had reception; the phone said I was still connected to the T-Mobile network. Nothing was unusual there. But the hacker had swiftly, stealthily, and largely effortlessly redirected my text messages to themselves. And all for just $16, .
However, the strange thing about the attack is, the hacker can get access by paying just $16 (Rs. 1,160). The company that provided these services in the case of Cox has said that the attack has been fixed but for a few others it has not been solved. Moreover, some of the companies know the attack then also they are blaming CTIA, the trade organization.
This SMS redirecting attack is another hacking activity added to the list of hacking. Already there are attacks on SIM Swapping and SS7 that is affecting many users. However, the interesting thing about these attacks is the user gets to know about the hack within few moments as the phone does not have any network. But, in this SMS attack case, the victim does not get to know anything.
So, to avoid this, it is better to not depend on SMS services. You must use authenticator apps and for bank-related OTPs, you must register your email account with your account to receive the OTPs.