Here Is How Hacker Reads Your Text Messages Secured By Two-Factor Codes
Shakti
Hacker is considered reading millions of your text messages. But the secret of this is just clarified by the following report.
- Software Engineer Hacking Former Company, Hoping To Be Rehired
- Pakistan-Linked Hacker Group Exploits CO.VID-19 Fear To Attack Indians, Posing As The Indian Government
- A Hacker Was Awarded $75,000 As Bug Bounty After Reporting Safari Bugs To Apple
Recently, there are a lot of security vulnerabilities in the servers, even the users' account can also be hacked. This year, statistics showed that hacker can read your text message via a new security vulnerability, although the messages are secured by the new security technologies like OTPs, verification link, 2-factor codes, and password reset links. A research on TechCrunch indicated that the security flaw is on the Voxox's server, a US firm.
Two-factor authentication is a safe security method that keeps your online accounts secure by requiring you to input a code generated by an app installed on your smartphone. These codes are periodically updated after about 30 seconds so that the only way a hacker could gain access to your 2FA-secured account is to physically hold your phone.
The reports indicated that the data inside the text message, which is sent to customers, were leaked, including passwords for the apps, the codes for the Google accounts, the verification code for Viber, Kakao Talk, the Huawei codes, the Microsoft verification series, and some others.
The report also claimed that when the server was unsecured, the hacker used their software to attack to and see the real-time stream of messages go to and away from the server. Sébastien Kaul, a German security expert showed that the hacker can assess the database running on the Amazon Elasticsearch that uses the Kibana front-end configuration. Hacker could easily dig out the data by using the name, phone numbers and the contents of the messages.
According to the report, the gateway like Voxox converts codes sending from the developer, such as 2-factor codes, into the text message and sent to end-users. But this Voxox's encrypting process is not secured and being able to read by the hacker. The company claimed that they are following standard data policy and looking into the issue.