Forwarding Your Phone's Texts Could Invite Hackers
L to R: Droid X2, BlackBerry Torch, LG Enlighten
Getting your text messages delivered to your PC or tablet sounds pretty convenient, until a hacker uses that text-forwarding feature to hijack your Gmail. This sequence of events recently happened to Lillian Smith, a prominent social media expert, who fought a valiant technological battle against a persistent foe.
Smith, who lives in the San Francisco Bay area, describes the incident on her blog. Her experience began on June 20 with a text message from Verizon Wireless, which informed her that Integrated Messaging had been activated on her phone. This service forwards text and multimedia messages from a user's phone to that person's tablet or computer.
Integrated Messaging is a fairly robust service and has many useful applications. Users can save their messages to an SD card (Verizon Wireless phones usually cap out at around 200 messages per conversation), save texted photos to their hard drives or continue important conversations when they can't get to a phone.
Any useful innovation has a dark side, though. Smith initially did not think much of the Verizon notification, but 10 minutes later, she received a number of Google verification codes.
As it turns out, Smith had previously activated two-step verification for her Gmail account, which requires a secondary verification code sent via text before a user can log in to an account. This process usually keeps an account safe from hackers — unless, of course, the hacker has set it up so that a user's texts get forwarded elsewhere.
Smith realized what was happening and jumped onto Google to change her password. She proceeded to call Verizon Wireless and request that the company turn Integrated Messaging off. The representatives to whom she spoke had never heard of the process (even though the Verizon Wireless website delineates the feature very clearly). [See also: 7 Security Tips for Smartphone Users]
The next morning, Smith checked her phone to discover that Verizon had not deactivated Integrated Messaging, allowing the hacker to receive Smith's verification code and log into her Gmail account. After some additional finagling, Smith managed to regain control of both her Verizon Wireless and Gmail accounts before anything untoward happened.
The incident illustrates a very salient point about two-step verification: While it's generally a very safe measure, it is open to exploits and manipulation, just like any other security system. In order to prevent Smith's woes from befalling your own account, use a secure password for your Verizon Wireless account, and think very carefully about whether you really need to read texts on your computer.