SMS continues to pose significant risks to individuals because attackers have increasingly tapped these messages via more aggressive attacks as a means to compromise accounts. In July 2016, the National Institute of Standards and Technology advised that SMS should be deprecated. The risk posed by sending anything via SMS is well known and has been repeatedly flagged. Efforts by Information Security Media Group to reach Voxox officials weren't immediately successful. Techcrunch reports that a hunt through the databases shows it held codes and messages transmitted by a host of big companies, including Microsoft, Yahoo, Fidelity Investments, Badoo and more.Īfter Techcrunch notified Voxox, the database was taken offline. That makes the company a key part of security chain. Voxox processes whatever message an organization wants to send along and then passes it to mobile networks. Voxox offers a service to help organizations deliver SMSes using the Short Message Peer-to-Peer - SMPP - protocol or a web service API. The database belonged to Voxox, a San Diego-based company formerly known as Telecentris, which specializes in VOIP, bulk SMS and other cloud-based telecommunication services. The database ran on Amazon's Elasticsearch and used Kibana, a visualization and querying tool that made it possible to search through the mass of data for text strings and phone numbers, TechCrunch reports.Ī security researcher, Sébastien Kaul of Berlin, discovered the database using the Shodan search engine, according to TechCrunch. When it was found, the database was still recording texts in near real-time, offering a huge resource for potential attackers. Voxox sms verification verification#The database, which wasn't protected by a password, contained 26 million text messages, some of which were two-step verification codes and password reset links, TechCrunch reports. See Also: Webinar | Prevent, Detect & Restore: Data Security Backup Systems Made Easy A database security blunder revealed on Friday serves as a reminder that the days of SMS-based authentication should be over.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |