Motherboard reveals that a private company, an essential component of the global telecommunications infrastructure, has just admitted having been compromised since 2016. The hacker (s), or spyware, could have had access to metadata such as the length and cost of the calls, the caller and recipient numbers, the location of the parties in the call, as well as the contents of billions. SMS per year.
The company, Syniverse, has disclosed to the US Security and Exchange Commission (SEC) that an “ unknown individual or organization has obtained from repeatedly unauthorized access to databases on its network, and that the connection information for accessing or from its Electronic Transfer Data (EDT) has been compromised for approximately 235 of its customers ”.
She would have discovered the breach in May 2021, but also that the piracy would have started in May 2016. “ Syniverse has completed a thorough investigation into the incident which revealed that the individual or organization repeatedly obtained unauthorized access to databases in their network and that login credentials allowing access to or from its EDT environment have been compromised for certain customers “, specifies the company.
” All customers of EDT had their credentials reset or disabled, even though their credentials were not affected by the incident. We have communicated directly with our customers about this and have concluded that no further action is required . ”
Syniverse, which is branding itself on Twitter as“ The world’s #mostconnected company ”, processes more than 740 billion SMS each year and has “ direct connections ” with more than 300 mobile operators worldwide. 95 of the 100 largest mobile operators in the world, including the three largest in the United States and major international operators such as Telefonica and America Movil, are customers of Syniverse.
“ The world’s largest companies and almost all mobile operators’ leverage Syniverse’s global network to seamlessly link mobile ecosystems and securely transmit data, enabling billions of transactions, conversations and connections , ”Syniverse wrote in a recent release
“ Syniverse systems have direct access to telephone call recordings and text messaging, and indirect access to a wide range of secure Internet accounts by 2-factor SMS authentication. The Syniverse hack will make it easier to access Google, Microsoft, Facebook, Twitter, Amazon and all kinds of other accounts, all at the same time , ”says Karsten Nohl, a security researcher who studied the world of mobile phone networks for a decade.
“ With all this information, I could create a profile on you. I’ll know exactly what you’re doing, who you’re calling, what’s going on. I’ll know when you get a voicemail notification. I’ll know who left the voicemail. I will know how long this voicemail message was left. When you make a phone call, I will know exactly where you made it from , ”said a telecommunications industry insider, who asked to remain anonymous because he was not authorized. to talk to the press. “ I’ll know more about you than your doctor ”
A former employee of Syniverse believes that says the damage could be much more Limited: “ I think that’s extremely embarrassing, but probably not the cause of significant damage. It hits me because of a certain laziness, as I have seen security breaches happen like this a few times. Because we haven’t seen anything come out of it for five years. I’m not saying nothing bad happened, but it looks like nothing happened ”.