[The security box] Company that routes SMS for all major US carriers was hacked for five years
Jared Rimer
jaredrimer at 986themix.com
Tue Oct 12 16:15:05 EDT 2021
I guess we'll have to see what happens.
Jared Rimer
Check out my shows on 986 the mix. www.986themix.com/schedule for more
info. Shows are on Wednesdays, Saturdays and Sundays
Wednesday's show is on the independent channel. Check schedule for time
www.jaredrimer.net for my other site.
On 10/12/2021 11:28 AM, Preston Gaylor wrote:
> That could be, I just think we need to continue to be careful, as all of
> us could be targets.
> Preston
>
> On Tue, Oct 12, 2021 at 1:49 PM Jared Rimer via Thesecuritybox
> <thesecuritybox at 986themix.com <mailto:thesecuritybox at 986themix.com>> wrote:
>
> You're kidding me right? Just writing this for new noted and the blog
> is a joke right? I can't believe this one, although its probably true.
> Will never look at SMS the same.
>
> People do all kinds of things through SMS, maybe its time to quit using
> SMS now. Wow.
>
> Jared Rimer
> Check out my shows on 986 the mix. www.986themix.com/schedule
> <http://www.986themix.com/schedule> for more
> info. Shows are on Wednesdays, Saturdays and Sundays
> Wednesday's show is on the independent channel. Check schedule for time
> www.jaredrimer.net <http://www.jaredrimer.net> for my other site.
>
> On 10/5/2021 6:41 PM, Michael Brock via Thesecuritybox wrote:
> >
> > Company that routes SMS for all major US carriers was hacked for
> five years
> > Ars Technica / Jon Brodkin
> >
> > Syniverse and carriers haven't revealed whether text messages
> were exposed.
> >
> > A woman's hand holding a smartphone.
> > Enlarge
> >
> <https://cdn.arstechnica.net/wp-content/uploads/2021/10/getty-phone.jpg
> <https://cdn.arstechnica.net/wp-content/uploads/2021/10/getty-phone.jpg>>
> >
> > Syniverse, a company that routes hundreds of billions of text
> messages
> > every year for hundreds of carriers including Verizon, T-Mobile, and
> > AT&T, revealed to government regulators that a hacker gained
> > unauthorized access to its databases for five years. Syniverse and
> > carriers have not said whether the hacker had access to
> customers' text
> > messages.
> >
> > A filing with the Securities and Exchange Commission
> >
> <https://www.sec.gov/Archives/edgar/data/1839175/000119312521284329/d234831dprem14a.htm
> <https://www.sec.gov/Archives/edgar/data/1839175/000119312521284329/d234831dprem14a.htm>>
>
> > last week said that "in May 2021, Syniverse became aware of
> unauthorized
> > access to its operational and information technology systems by an
> > unknown individual or organization. Promptly upon Syniverse's
> detection
> > of the unauthorized access, Syniverse launched an internal
> > investigation, notified law enforcement, commenced remedial
> actions and
> > engaged the services of specialized legal counsel and other incident
> > response professionals."
> >
> > Syniverse said that its "investigation revealed that the
> unauthorized
> > access began in May 2016" and "that the individual or organization
> > gained unauthorized access to databases within its network on
> several
> > occasions, and that login information allowing access to or from its
> > Electronic Data Transfer ('EDT') environment was compromised for
> > approximately 235 of its customers."
> >
> > Syniverse isn’t revealing more details
> >
> > When contacted by Ars today, a Syniverse spokesperson provided a
> general
> > statement that mostly repeats what's in the SEC filing. Syniverse
> > declined to answer our specific questions about whether text
> messages
> > were exposed and about the impact on the major US carriers.
> >
> > "Given the confidential nature of our relationship with our
> customers
> > and a pending law enforcement investigation, we do not anticipate
> > further public statements regarding this matter," Syniverse said.
> >
> > The SEC filing is a preliminary proxy statement related to a pending
> > merger
> >
> <https://www.m3-brigade.com/news/press-releases/detail/47/syniverse-the-leading-provider-of-mission-critical-mobile
> <https://www.m3-brigade.com/news/press-releases/detail/47/syniverse-the-leading-provider-of-mission-critical-mobile>>
>
> > with a special purpose acquisition company that will make
> Syniverse a
> > publicly traded firm. (The document was filed by M3-Brigade
> Acquisition
> > II Corp., the blank-check company.) As is standard with SEC
> filings, the
> > document discusses risk factors for investors, in this case
> including
> > the security-related risk factors demonstrated by the Syniverse
> database
> > hack.
> >
> > Syniverse routes messages for 300 operators
> >
> > Syniverse says its intercarrier messaging service
> > <https://www.syniverse.com/products/intercarrier-messaging
> <https://www.syniverse.com/products/intercarrier-messaging>> processes
> > over 740 billion messages each year for over 300 mobile operators
> > worldwide. Though Syniverse likely isn't a familiar name to most
> cell
> > phone users, the company plays a key role in ensuring that text
> messages
> > get to their destination.
> >
> > We asked AT&T, Verizon, and T-Mobile today whether the hacker had
> access
> > to people's text messages, and we will update this article if we
> get any
> > new information.
> >
> > Syniverse's importance in SMS was highlighted in November 2019
> when a
> > server failure caused over 168,000 messages to be delivered
> nearly nine
> > months late
> >
> <https://arstechnica.com/information-technology/2019/11/why-168149-valentines-day-text-messages-arrived-in-november/
> <https://arstechnica.com/information-technology/2019/11/why-168149-valentines-day-text-messages-arrived-in-november/>>.
>
> > The messages were in a queue and left undelivered when a server
> failed
> > on February 14, 2019, and finally reached their recipients in
> November
> > when the server was reactivated
> >
> <https://www.syniverse.com/insights/syniverse-statement-regarding-person-to-person-messaging-event
> <https://www.syniverse.com/insights/syniverse-statement-regarding-person-to-person-messaging-event>>.
> >
> > Syniverse says it fixed vulnerabilities
> >
> > Syniverse said in the SEC filing and its statement to Ars that it
> reset
> > or deactivated the credentials of all EDT customers, "even if their
> > credentials were not impacted by the incident."
> >
> > "Syniverse has notified all affected customers of this unauthorized
> > access where contractually required, and Syniverse has concluded
> that no
> > additional action, including any customer notification, is
> required at
> > this time," the SEC filing said. Syniverse told us that it also
> > "implemented substantial additional measures to provide increased
> > protection to our systems and customers" in response to the
> incident,
> > but did not say what those measures are.
> >
> > Syniverse is apparently confident that it has everything under
> control
> > but told the SEC that it could still discover more problems
> resulting
> > from the breach:
> >
> > Syniverse did not observe any evidence of intent to disrupt its
> > operations or those of its customers and there was no attempt to
> > monetize the unauthorized activity... While Syniverse believes it
> > has identified and adequately remediated the vulnerabilities that
> > led to the incidents described above, there can be no
> guarantee that
> > Syniverse will not uncover evidence of exfiltration or misuse
> of its
> > data or IT systems from the May 2021 Incident, or that it
> will not
> > experience a future cyber-attack leading to such
> consequences. Any
> > such exfiltration could lead to the public disclosure or
> > misappropriation of customer data, Syniverse's trade secrets or
> > other intellectual property, personal information of its
> employees,
> > sensitive information of its customers, suppliers and vendors, or
> > material financial and other information related to its business.
> >
> > Syniverse's SEC filing was submitted on September 27 and discussed
> > yesterday in an article in Vice's Motherboard section
> >
> <https://www.vice.com/en/article/z3xpm8/company-that-routes-billions-of-text-messages-quietly-says-it-was-hacked
> <https://www.vice.com/en/article/z3xpm8/company-that-routes-billions-of-text-messages-quietly-says-it-was-hacked>>.
>
> > According to Vice, a "former Syniverse employee who worked on the
> EDT
> > systems" said those systems contain information on all types of call
> > records. Vice also quoted an employee of a phone company who said
> that a
> > hacker could have gained access to the contents of SMS text messages.
> >
> > Vice wrote:
> >
> > Syniverse repeatedly declined to answer specific questions from
> > Motherboard about the scale of the breach and what specific
> data was
> > affected, but according to a person who works at a telephone
> > carrier, whoever hacked Syniverse could have had access to
> metadata
> > such as length and cost, caller and receiver's numbers, the
> location
> > of the parties in the call, as well as the content of SMS
> text messages.
> >
> > "Syniverse is a common exchange hub for carriers around the world
> > passing billing info back and forth to each other," the
> source, who
> > asked to remain anonymous as they were not authorized to talk
> to the
> > press, told Motherboard. "So it inevitably carries sensitive info
> > like call records, data usage records, text messages, etc.
> [...] The
> > thing is—I don't know exactly what was being exchanged in that
> > environment. One would have to imagine though it easily could be
> > customer records and [personal identifying information] given
> that
> > Syniverse exchanges call records and other billing details
> between
> > carriers."
> >
> >
> >
> > Original Article: https://arstechnica.com/?p=1801405
> <https://arstechnica.com/?p=1801405>
> > <https://arstechnica.com/?p=1801405
> <https://arstechnica.com/?p=1801405>>
> >
> >
> > Michael Brock
> >
> > Thank you for subscribing to the Security Box email list. If you
> need list management options, please see the link for a section to
> log in, manage your subscription, and possibly other options that
> may be of interest.
> >
> > Need help? write the owner, and the owner will get back to you
> as quickly as possible. Be clear on what you need.
> >
> > Thanks for subscribing!
> >
>
> Thank you for subscribing to the Security Box email list. If you
> need list management options, please see the link for a section to
> log in, manage your subscription, and possibly other options that
> may be of interest.
>
> Need help? write the owner, and the owner will get back to you as
> quickly as possible. Be clear on what you need.
>
> Thanks for subscribing!
>
> --
> Thesecuritybox mailing list
> Thesecuritybox at 986themix.com <mailto:Thesecuritybox at 986themix.com>
> http://mail.986themix.com/mailman/listinfo/thesecuritybox_986themix.com
> <http://mail.986themix.com/mailman/listinfo/thesecuritybox_986themix.com>
>
More information about the Thesecuritybox
mailing list