Largest mobile SMS routing firm discloses five-year-long breach:
Syniverse, a service provider for most telecommunications companies, disclosed that hackers had access to its databases over the past five years and compromised login credentials belonging to hundreds of customers.
Self-described as “the world’s most connected company,” Syniverse provides text messaging routing services to over 300 mobile operators, among them Vodafone, AT&T, T-Mobile, Verizon, America Movil, Telefonica, and China Mobile.
Syniverse is so big that it brags about having as its customers “nearly every mobile communications provider, the largest global banks, the world’s biggest tech companies.”
[...] In a filing on September 27 with the U.S. Securities and Exchange Commission (SEC) spotted by Motherboard journalist Lorenzo Franceschi-Bicchierai, Syniverse disclosed that an unauthorized party accessed on several occasions databases on its network.
When the company became aware of the intrusions in May 2021, an internal investigation began to determine the extent of the hack.
“The results of the investigation revealed that the unauthorized access began in May 2016,” the company reveals in the SEC filing.
For five years, hackers maintained access to Syniverse internal databases and compromised the login data for the Electronic Data Transfer (EDT) environment belonging to about 235 customers.
“All EDT customers have been notified and have had their credentials reset or inactivated, even if their credentials were not impacted by the incident. All customers whose credentials were impacted have been notified of that circumstance” - Syniverse
Also at Business Insider, Security Week, and Ars Technica
(Score: -1, Offtopic) by Anonymous Coward on Thursday October 07 2021, @11:41AM
[Harry and Marv have arrived in New York by stowing away in a fish truck]
Harry: Here we are, Marv. New York City. The land of opportunity.
[sniffs]
Harry: Smell that?
Marv: [sniffs] Yeah.
Harry: Know what that is?
Marv: Fish.
Harry: It's freedom.
Marv: No, it's fish.
Harry: It's freedom, and it's money.
Marv: Okay, okay, it's freedom.
Harry: Come on, let's get out of here before somebody sees us.
Marv: And it's fish.
(Score: -1, Troll) by Anonymous Coward on Thursday October 07 2021, @12:19PM
Now Trump can claim all the bad tweets were the result of hackers, clearing the way for a triumphant return in 2024.
(Score: -1, Offtopic) by Anonymous Coward on Thursday October 07 2021, @12:35PM (1 child)
Never rub another man's rhubarb!
Never rub another man's rhubarb!
(Score: -1, Troll) by Anonymous Coward on Thursday October 07 2021, @01:20PM
lick my clit
(Score: 3, Interesting) by nitehawk214 on Thursday October 07 2021, @01:28PM (6 children)
Does anyone treat an SMS as a private message past about 5 minutes? Things that use SMS as a verification code set the timeout so short that they often expire before I receive the message. Setting the timeout any longer would expose the account to risk.
"Don't you ever miss the days when you used to be nostalgic?" -Loiosh
(Score: 2, Insightful) by Splodgy Emoji on Thursday October 07 2021, @02:05PM (2 children)
If you think a site with a timeout for using a code sent by SMS has "better" security, you are fooling yourself. The site has no way of knowing whether the phone is compromised in some way (even for non-smart phones)
(Score: 2) by FatPhil on Thursday October 07 2021, @07:29PM (1 child)
Great minds discuss ideas; average minds discuss events; small minds discuss people; the smallest discuss themselves
(Score: 2) by Booga1 on Saturday October 09 2021, @08:06PM
It may not be the provider's fault, at least not directly. A lot of the delays come from inter-carrier message gateways. You may get lucky that the routing to you does not cross a congested gateway. Of course, you may be left waiting because the person sending an SMS is stuck behind a gateway that's slow to send. There's nothing you can do about it because the real problem is on the other side.
Back when I was doing cellular tech support we would frequently see delays from one carrier to our customers. An SMS could get delayed by an hour or two, sometimes eight or more hours if it was an MMS. All we could do was tell customers to wait at least 24 hours and ask the sender to send it again if it still didn't come through. Things are way better these days, but delays are still pretty common, even if they're significantly shorter.
(Score: 2) by Thexalon on Thursday October 07 2021, @04:48PM
Don't worry, the FBI / NSA / Mossad got their copy during those 5 minutes.
The only thing that stops a bad guy with a compiler is a good guy with a compiler.
(Score: 0) by Anonymous Coward on Thursday October 07 2021, @06:57PM
not even 5 minutes!
that timeout was added because they know that sms is insecure, but a short time make it harder to be abused, as it have a 1 minute window to abuse it, too short if he isn't the one requesting the sms already
hell, even GSM is known to be insecure, but operators don't want to fix it because it is expensive, phone builders because require more hardware, no standard, lower battery life and higher cost... government because this way they can listen to any call when needed and end-user usually do not care/know/understand crypto and privacy
(Score: 2) by darkfeline on Friday October 08 2021, @03:40AM
Given that SMS messages literally have to be routed through a third party unencrypted before it can even be sent to you, obviously they are not private. They're compromised before you even receive it.
Join the SDF Public Access UNIX System today!
(Score: 3, Interesting) by AnonTechie on Thursday October 07 2021, @04:34PM
This is an unending nightmare for consumers and I don't think anybody is really surprised by such disclosures anymore ... Same Shit Different Day !!
Techdirt [techdirt.com]
Albert Einstein - "Only two things are infinite, the universe and human stupidity, and I'm not sure about the former."
(Score: 1) by fustakrakich on Thursday October 07 2021, @06:56PM
Try find for me somebody who has not been hacked...
La politica e i criminali sono la stessa cosa..