I hadn’t been SIM swapped, where hackers trick or bribe telecom employees to port a target’s phone number to their own SIM card. Instead, the hacker used a service by a company called Sakari, which helps businesses do SMS marketing and mass messaging, to reroute my messages to him. This overlooked attack vector shows not only how unregulated commercial SMS tools are but also how there are gaping holes in our telecommunications infrastructure, with a hacker sometimes just having to pinky swear they have the consent of the target.
“Welcome to create an account if you want to mess with it, literally anyone can sign up,” Lucky225, the pseudonymous hacker who carried out the attack, told Motherboard, describing how easy it is to gain access to the tools necessary to seize phone numbers.
Fortunately, Lucky225 was taking over my number and breaking into the connected accounts with my permission to demonstrate the flaw. This also doesn’t rely on SS7 exploitation, where more sophisticated attackers tap into the telecom industry’s backbone to intercept messages on the fly. What Lucky225 did with Sakari is easier to pull off and requires less technical skill or knowledge. Unlike SIM jacking, where a victim loses cell service entirely, my phone seemed normal. Except I never received the messages intended for me, but he did.
Join the conversation as a VIP Member