By now most infosec professionals are aware of various ways SMS text messaging can be hijacked. For example so-called âSIM Swapâ attacks, SS7 attacks, Port-out fraud, etc. All of these attacks however do require some level of sophistication, whether it be high level access to SS7, or account information or social engineering to successfully port out the phone number to a new provider or swap the sim on the existing account.
There is however other vulnerabilities that are not particularly well known. For VoIP numbers in particular, which may be assigned to a CLEC or VoIP wholesaler, the SMS may need to be routed to a different carrier than the carrier of record. This is accomplished in two different ways. One is an ALT SPID, which NPAC defines as âThe four-digit identifier of a