A few minutes after they entered my T-Mobile number into Sakari, Lucky225 started receiving text messages that were meant for me. I received no call or text notification from Sakari asking to confirm that my number would be used by their service. I simply stopped getting texts.
"Hello. This is Lorenzo," my colleague Lorenzo Franceschi-Bicchierai wrote to the number.
"Hi Lorenzo :) - Lucky," the hacker replied.
"As of today, you don't know this happens," Teli Tuketu, the CEO of Okey Systems, told Motherboard in a phone call, referring to how there is no way for the target to immediately know their text messages have been rerouted. "You don't know these attacks happen."
Motherboard also created an account for verification purposes, but Sakari suspended the account after being contacted for comment.
It is not clear how much this method of attack is being used in the wild on mobile numbers. Karsten Nohl, a researcher from Security Research Labs who has investigated telecommunications security for years, said he had not seen it before. Tuketu said it "absolutely" is happening.
Do you work for telecom or one of the other companies mentioned? Do you know anything else about this attack? We'd love to hear from you. Using a non-work phone or computer, you can contact Joseph Cox securely on Signal on +44 20 8133 5190, Wickr on josephcox, OTR chat on firstname.lastname@example.org, or email email@example.com.
As for how Sakari has this capability to transfer phone numbers, Nohl from Security Research Labs said "there is no standardized global protocol for forwarding text messages to third parties, so these attacks would rely on individual agreements with telcos or SMS hubs."
In Sakari's case, it receives the capability to control the rerouting of text messages from another firm called Bandwidth, according to a copy of Sakari's LOA obtained by Motherboard. Bandwidth told Motherboard that it helps manage number assignment and traffic routing through its relationship with another company called NetNumber. NetNumber owns and operates the proprietary, centralized database that the industry uses for text message routing, the Override Service Registry (OSR), Bandwidth said.