Security Newsletter

22 Aug 2022

How a Third-Party SMS Service Was Used to Take Over Signal Accounts

Last week, hackers broke into the systems of Twilio, a cloud communications company that provides infrastructure to other companies to automate sending text messages to their users. By breaking into Twilio systems hackers could read victims’ text messages. This potentially gave the hackers a chance to take over any victim’s accounts that were tied to their phone number on services that use Twilio.

Crucially, Twilio provides text verification services for the encrypted messaging app Signal. When a user registers their phone number with Signal, Twilio sends them an SMS containing a verification code, which they then input to Signal. On Monday, Signal, which uses Twilio for delivering text messages with verification codes, disclosed that it was one of the targets of this attack. In particular, Signal said that hackers targeted around 1,900 of its users. This means that for those users, the hackers could have registered their numbers on their own device and essentially impersonated them, or intercepted the SMS verification code that Signal uses to register users.

The good news: because of the way Signal is designed, even if a hacker registers their account with a victim’s phone number, they don’t get access to a lot of information.

 

More #News

 

#Breach Log

 

#Patch Time!

 

#Tech and #Tools

This content was created by Kindred Group Security. Please share if you enjoyed!

Kindred Group in brief

Kindred Group is one of the world’s leading online gambling operators with business across Europe, US and Australia, offering more than 30 million customers across 9 brands a great form of entertainment in a safe, fair and sustainable environment. The company, which employs about 2,000 people, is listed on Nasdaq Stockholm Large Cap and is a member of the European Gaming and Betting Association (EGBA) and founding member of IBIA (Sports Betting Integrity Association). Kindred Group is audited and certified by eCOGRA for compliance with the 2014 EU Recommendation on Consumer Protection and Responsible Gambling (2014/478/EU). Read more on www.kindredgroup.com.