The gate Arab News Technical The Gate Arab News Technical
Uncover the breakthrough tremendous amount of data about tens of millions of short text messages SMS, and get out the base data is safe include 26 million SMS this year only, some contain private data customers such as information, password reset notifications, shipping codes, authentication, and the database is running by Voxox, a telecommunications company taken from San Francisco, California headquarters, even worse, that the database wasn’t password protected, which made them open to hackers, according to Sebastian Cowley Sébastien Kaul include, the Security researcher in Berlin who discovered the weakness.
The researcher found that the database wasn’t protected by a password only, it was searchable through names, phone numbers, and company Voxox (formerly Telcentris) as an intermediary between application developers and the identity of the users, as when someone asked for example to change the password, the app sends a link or code to reset the account to the phone of the person, and Voxox download those icons to text messages yet delivered to the user’s phone.
The database included, which was discovered by the researcher easily via the search engine Shodan for devices and databases available to the public, also text messages have been sent to customers of companies such as Google, Microsoft, Amazon, concern that the database was still working even after the discovery of the pressure, which means the possibility of observing any password reset requests or authentication codes binary by hackers and used to gain access to the user’s account in case they have all the correct credentials.
Can’t use many of the symbols of authentication and re-appointment only for a short time, but if intercepted in time, it is possible to be used by hackers
Stopped the company Voxox database for work after knowing the problem, she said, “it’s looking at the case and pursues a policy of to penetrate the standard data in the current time, in addition to they work on impact assessment”, the scholar noted the types of data that were passing through the database Voxox in real time, they been linked to each record in the database with the telephone number of the recipient, and included one of the messages the password for the app Badoo, while the included several letters codes reset passwords for accounts Microsoft and Huawei.
Said Mike Godfrey Mike Godfrey, Executive Officer, company security Insinia Security: “we found all that the idea of using text messages to authenticate and verify the account is a bad idea because hackers can access text messages”, has pushed the concerns related to communication via SMS, which is transmitted via the telephone network can be breached by hackers, some companies like Facebook and Google to provide secure applications to users, where systems change SMS since several decades, which makes them vulnerable to counterfeit fraud and fraud.
It seems this massive hack and data weaknesses in the use of control through SMS text messages or send links to reset the account password through SMS and why invented companies for authentication, as is recommended by many security experts to authenticate the bilateral treaty on the app itself, which is considered the Safer of the control via SMS, as there are another option is the use of downstream applications, such as 1Password or LastPass.
The gate Arab News technical breakthrough reveals tens of millions of short text messages.
If you are watching what you read now, be aware that this content a user is illegally in this location, and the original position of the gate Arab News Technical