cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Sakari SMS Vulnerability/Exploit

Quantos
Neighbour

I would like to know what can be done to protect myself from this exploit/vulnerability?

 

 

https://www.vice.com/en/article/y3g8wb/hacker-got-my-texts-16-dollars-sakari-netnumber

1 ACCEPTED SOLUTION

Nighthawk
Community Power User
Community Power User

@Quantos - Avoid using SMS for two factor authentication. Unless there is a global change in the design and the way SMS works, there is little that can be done to protect yourself. It's doubtful that change will occur any time soon.

 

@JamesStewart - That company has only existed for a few weeks. Their website has existed for maybe a week. All these articles pushing that site appeared in the last week as well. Unusually convenient. Okey is also incorporated through a registered agent at that massive corporate LLC mailbox farm in Wyoming to hide who's really behind it. Lucky, who appears in most of the articles, has a financial interest in Okey as well so he's basically advertising a service he benefits financially from. Okey also collect the phone numbers of your contacts and any caller to your device as well. (It's in their terms of service) That's separate from the SMS monitoring "service" they're supposedly providing. Too many red flags. I wouldn't touch that site. So far none of the security experts have weighed in on whether or not Okey is even trustable or can even do what it claims at this point in time. 

 

Additionally if that site does notify you of some supposed issue, what exactly can you do to fix it? By that point it's too late and it's not even something a service provider can do since the SMS messages are being intercepted before it even reaches their systems. Right now that site appears to be preying on users fears to make a quick buck on their monitoring service.


If you find a post useful, please give the author a "Like" or mark as an accepted solution if it solves your trouble. 🙂

View solution in original post

6 REPLIES 6

JamesStewart
Organizer
I have an account with OkeyMonitor to monitor my numbers.

I don't think that I can edit my post. But, I should mention, while their service should alert you to a change so that you can take action, it won't prevent it from happening.

Nighthawk
Community Power User
Community Power User

@Quantos - Avoid using SMS for two factor authentication. Unless there is a global change in the design and the way SMS works, there is little that can be done to protect yourself. It's doubtful that change will occur any time soon.

 

@JamesStewart - That company has only existed for a few weeks. Their website has existed for maybe a week. All these articles pushing that site appeared in the last week as well. Unusually convenient. Okey is also incorporated through a registered agent at that massive corporate LLC mailbox farm in Wyoming to hide who's really behind it. Lucky, who appears in most of the articles, has a financial interest in Okey as well so he's basically advertising a service he benefits financially from. Okey also collect the phone numbers of your contacts and any caller to your device as well. (It's in their terms of service) That's separate from the SMS monitoring "service" they're supposedly providing. Too many red flags. I wouldn't touch that site. So far none of the security experts have weighed in on whether or not Okey is even trustable or can even do what it claims at this point in time. 

 

Additionally if that site does notify you of some supposed issue, what exactly can you do to fix it? By that point it's too late and it's not even something a service provider can do since the SMS messages are being intercepted before it even reaches their systems. Right now that site appears to be preying on users fears to make a quick buck on their monitoring service.


If you find a post useful, please give the author a "Like" or mark as an accepted solution if it solves your trouble. 🙂

I've not setup my TELUS numbers with the service, but have a couple of others that I have though, to test it out.

Quantos
Neighbour

Thank you both Nitro721 and Nighthawk.  I think that I'm in not bad shape now.

Kent2
Coach

Not sure the significance of this: https://www.vice.com/en/article/5dp7ad/tmobile-verizon-att-sms-hijack-change but it appears the problem is solved at least inthe USA.