SMS has been around forever, and that means that many of us have it set up for all kinds of things, with hospital appointment reminders, two-factor authentication codes, and more sent in text form to a user’s phone.
SMS appeared on the network in real-timeOver 26 million SMS messages exchanged between clients of a telecommunications company Voxox, based in California, was in the public domain.
The server itself belongs to the communications company Voxox (formerly Telcentris) which failed to secure it and the data it holds with a password. Discovered by Sébastien Kaul, a Berlin-based security researcher, the database was said to be running on Amazon Elasticsearch with Kibana front-end configuration that made the data accessible. With the database remaining available even after the security flaw was found, it’s possible that anyone could have potentially intercepted messages – including those used for two-factor authentication. There were also messages from Yahoo account keys, and user verification from other apps like KakaoTalk, Viber, and online quiz app HQ Trivia. Users of two-factor authentication rely on an SMS version of it, where a PIN code is texted to their phones.
The Aricebo message: the first attempt to contact aliens 44 years ago
The 1974 Arecibo Message is a three-minute long missive made up of exactly 1,679 binary digits. The Aricebo message was to demonstrate the power of the Aricebo telescope and its capabilities.
Although the codes themselves would only be usable for a very short amount of time, the fact that the security researcher could open the database and read them off in real-time is particularly troubling.
“Our resources are looking into the issue and following standard data breach policy at the moment”, Barrett Brown, director of customer service at Vovox, said in a statement.