[The security box] Company that routes SMS for all major US carriers was hacked for five years

Jared Rimer jaredrimer at 986themix.com
Tue Oct 12 13:17:45 EDT 2021 

You're kidding me right?  Just writing this for new noted and the blog 
is a joke right?  I can't believe this one, although its probably true. 
  Will never look at SMS the same.

People do all kinds of things through SMS, maybe its time to quit using 
SMS now.  Wow.

Jared Rimer
Check out my shows on 986 the mix. www.986themix.com/schedule for more 
info. Shows are on Wednesdays, Saturdays and Sundays
Wednesday's show is on the independent channel. Check schedule for time
www.jaredrimer.net for my other site.

On 10/5/2021 6:41 PM, Michael Brock via Thesecuritybox wrote:
> 
> Company that routes SMS for all major US carriers was hacked for five years
> Ars Technica  /  Jon Brodkin
> 
> Syniverse and carriers haven't revealed whether text messages were exposed.
> 
> A woman's hand holding a smartphone.
> Enlarge 
> <https://cdn.arstechnica.net/wp-content/uploads/2021/10/getty-phone.jpg>
> 
> Syniverse, a company that routes hundreds of billions of text messages 
> every year for hundreds of carriers including Verizon, T-Mobile, and 
> AT&T, revealed to government regulators that a hacker gained 
> unauthorized access to its databases for five years. Syniverse and 
> carriers have not said whether the hacker had access to customers' text 
> messages.
> 
> A filing with the Securities and Exchange Commission 
> <https://www.sec.gov/Archives/edgar/data/1839175/000119312521284329/d234831dprem14a.htm> 
> last week said that "in May 2021, Syniverse became aware of unauthorized 
> access to its operational and information technology systems by an 
> unknown individual or organization. Promptly upon Syniverse's detection 
> of the unauthorized access, Syniverse launched an internal 
> investigation, notified law enforcement, commenced remedial actions and 
> engaged the services of specialized legal counsel and other incident 
> response professionals."
> 
> Syniverse said that its "investigation revealed that the unauthorized 
> access began in May 2016" and "that the individual or organization 
> gained unauthorized access to databases within its network on several 
> occasions, and that login information allowing access to or from its 
> Electronic Data Transfer ('EDT') environment was compromised for 
> approximately 235 of its customers."
> 
> Syniverse isn’t revealing more details
> 
> When contacted by Ars today, a Syniverse spokesperson provided a general 
> statement that mostly repeats what's in the SEC filing. Syniverse 
> declined to answer our specific questions about whether text messages 
> were exposed and about the impact on the major US carriers.
> 
> "Given the confidential nature of our relationship with our customers 
> and a pending law enforcement investigation, we do not anticipate 
> further public statements regarding this matter," Syniverse said.
> 
> The SEC filing is a preliminary proxy statement related to a pending 
> merger 
> <https://www.m3-brigade.com/news/press-releases/detail/47/syniverse-the-leading-provider-of-mission-critical-mobile> 
> with a special purpose acquisition company that will make Syniverse a 
> publicly traded firm. (The document was filed by M3-Brigade Acquisition 
> II Corp., the blank-check company.) As is standard with SEC filings, the 
> document discusses risk factors for investors, in this case including 
> the security-related risk factors demonstrated by the Syniverse database 
> hack.
> 
> Syniverse routes messages for 300 operators
> 
> Syniverse says its intercarrier messaging service 
> <https://www.syniverse.com/products/intercarrier-messaging> processes 
> over 740 billion messages each year for over 300 mobile operators 
> worldwide. Though Syniverse likely isn't a familiar name to most cell 
> phone users, the company plays a key role in ensuring that text messages 
> get to their destination.
> 
> We asked AT&T, Verizon, and T-Mobile today whether the hacker had access 
> to people's text messages, and we will update this article if we get any 
> new information.
> 
> Syniverse's importance in SMS was highlighted in November 2019 when a 
> server failure caused over 168,000 messages to be delivered nearly nine 
> months late 
> <https://arstechnica.com/information-technology/2019/11/why-168149-valentines-day-text-messages-arrived-in-november/>. 
> The messages were in a queue and left undelivered when a server failed 
> on February 14, 2019, and finally reached their recipients in November 
> when the server was reactivated 
> <https://www.syniverse.com/insights/syniverse-statement-regarding-person-to-person-messaging-event>.
> 
> Syniverse says it fixed vulnerabilities
> 
> Syniverse said in the SEC filing and its statement to Ars that it reset 
> or deactivated the credentials of all EDT customers, "even if their 
> credentials were not impacted by the incident."
> 
> "Syniverse has notified all affected customers of this unauthorized 
> access where contractually required, and Syniverse has concluded that no 
> additional action, including any customer notification, is required at 
> this time," the SEC filing said. Syniverse told us that it also 
> "implemented substantial additional measures to provide increased 
> protection to our systems and customers" in response to the incident, 
> but did not say what those measures are.
> 
> Syniverse is apparently confident that it has everything under control 
> but told the SEC that it could still discover more problems resulting 
> from the breach:
> 
>     Syniverse did not observe any evidence of intent to disrupt its
>     operations or those of its customers and there was no attempt to
>     monetize the unauthorized activity... While Syniverse believes it
>     has identified and adequately remediated the vulnerabilities that
>     led to the incidents described above, there can be no guarantee that
>     Syniverse will not uncover evidence of exfiltration or misuse of its
>     data or IT systems from the May 2021 Incident, or that it will not
>     experience a future cyber-attack leading to such consequences. Any
>     such exfiltration could lead to the public disclosure or
>     misappropriation of customer data, Syniverse's trade secrets or
>     other intellectual property, personal information of its employees,
>     sensitive information of its customers, suppliers and vendors, or
>     material financial and other information related to its business.
> 
> Syniverse's SEC filing was submitted on September 27 and discussed 
> yesterday in an article in Vice's Motherboard section 
> <https://www.vice.com/en/article/z3xpm8/company-that-routes-billions-of-text-messages-quietly-says-it-was-hacked>. 
> According to Vice, a "former Syniverse employee who worked on the EDT 
> systems" said those systems contain information on all types of call 
> records. Vice also quoted an employee of a phone company who said that a 
> hacker could have gained access to the contents of SMS text messages.
> 
> Vice wrote:
> 
>     Syniverse repeatedly declined to answer specific questions from
>     Motherboard about the scale of the breach and what specific data was
>     affected, but according to a person who works at a telephone
>     carrier, whoever hacked Syniverse could have had access to metadata
>     such as length and cost, caller and receiver's numbers, the location
>     of the parties in the call, as well as the content of SMS text messages.
> 
>     "Syniverse is a common exchange hub for carriers around the world
>     passing billing info back and forth to each other," the source, who
>     asked to remain anonymous as they were not authorized to talk to the
>     press, told Motherboard. "So it inevitably carries sensitive info
>     like call records, data usage records, text messages, etc. [...] The
>     thing is—I don't know exactly what was being exchanged in that
>     environment. One would have to imagine though it easily could be
>     customer records and [personal identifying information] given that
>     Syniverse exchanges call records and other billing details between
>     carriers."
> 
> 
> 
> Original Article: https://arstechnica.com/?p=1801405 
> <https://arstechnica.com/?p=1801405>
> 
> 
> Michael Brock
> 
> Thank you for subscribing to the Security Box email list.  If you need list management options, please see the link for a section to log in, manage your subscription, and possibly other options that may be of interest.
> 
> Need help?  write the owner, and the owner will get back to you as quickly as possible.  Be clear on what you need.
> 
> Thanks for subscribing!
>

More information about the Thesecuritybox mailing list